Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan horse patched_c.MIS HELP PLEASE!!


  • This topic is locked This topic is locked
49 replies to this topic

#1 fayaw

fayaw

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:48 PM

Posted 23 October 2013 - 10:42 AM

Hi, AVG scan showed my laptop was infected with Trojan horse patched_c.MIS, it in C:\Windows\System32\Services.exe.

 

I tried all sorts of Malware scanning tools but had no luck to completely remove the trojan virus. If I tried to remove it with AVG, my computer shuts down by itself.

 

Could you please help! Thank you.

 

 



BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:01:48 AM

Posted 23 October 2013 - 10:58 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  • I'll catch you tomorror sinice I need my sleep. :)

 

 

Regards,
Georgi


cXfZ4wS.png


#3 fayaw

fayaw
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:48 PM

Posted 23 October 2013 - 11:05 AM

Georgi. Thank you much for your prompt reply. Will chat with you tomorrow.

 

Can I still use my computer to login to say bank web sites? I have AVG installed.



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:01:48 AM

Posted 23 October 2013 - 11:20 AM

Hi,

 

It's not recommended because I guess you are infected with rootkit ZeroAccess so I would avoid using the computer for sensitive operations...

However I can't say much without the log files.

 

 

Regards,

Georgi


cXfZ4wS.png


#5 fayaw

fayaw
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:48 PM

Posted 23 October 2013 - 11:26 AM

Once again, thank you Georgi for your reply. I already have the scan done. Do you want it now or tomorrow?



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:01:48 AM

Posted 23 October 2013 - 11:29 AM

Hi,

 

It's your call...choose what is the best for yourself. ;)

 

 

Regards,

Georgi


cXfZ4wS.png


#7 fayaw

fayaw
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:48 PM

Posted 23 October 2013 - 12:19 PM

can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2013
Ran by Tuffzone (administrator) on MYPC on 23-10-2013 12:03:48
Running from C:\Users\Tuffzone\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(Funshion) C:\Users\Tuffzone\funshion\funshiontools\FSPAP.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Acer Incorporated) C:\Program Files\Sleep Memory Optimizer\FFSService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alibaba (China) Co., Ltd.) C:\Program Files (x86)\trademanager\AliIM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(阿里云计算有限公司) C:\Program Files (x86)\trademanager\miser\AliimSafe.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intuit, Inc.) c:\PROGRA~2\Intuit\QUICKB~4\QBDBMgrN.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
() C:\Users\Tuffzone\funshion\funshionTools\FunshionSync\aapt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
() C:\Users\Tuffzone\funshion\funshionTools\FunshionSync\aapt.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Users\Tuffzone\funshion\funshionTools\FunshionSync\aapt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(北京风行在线技术有限公司) C:\Users\Tuffzone\funshion\funshionTools\FunshionSync\FunshionSync.exe
() C:\Users\Tuffzone\funshion\funshionTools\FunshionSync\adb.exe
() C:\Users\Tuffzone\funshion\funshionTools\FunshionSync\adb.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163568 2010-11-11] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2275944 2011-08-10] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [961184 2011-08-02] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [798880 2011-08-02] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2892584 2011-12-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1271168 2012-03-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [QQIntl] - C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe [128416 2012-06-12] ()
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [aliim] - C:\Program Files (x86)\trademanager\AliIM.exe [293272 2013-05-22] (Alibaba (China) Co., Ltd.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Tuffzone\AppData\Local\{323bf096-d0c5-cb98-8dc0-06439c32b297}\n. ATTENTION! ====> ZeroAccess?
MountPoints2: {75520e47-5f97-11e2-a574-74de2b86fb45} - D:\LapNetWizard.exe
MountPoints2: {b7f171d2-7394-11e1-b09f-f01ff9854a80} - D:\LaunchU3.exe -a
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-05-09] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] - c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1087752 2009-11-25] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SolidWorks_CheckForUpdates] - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe [7218472 2008-09-16] (Dassault Systèmes SolidWorks Corp.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2404376 2013-10-22] ()
Startup: C:\Users\Tuffzone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://tw.msn.com/?rd=1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC49756E10D7FCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.le123.com/hao123.html
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.le123.com/hao123.html
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.le123.com/hao123.html
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: ·çÐÐÊÓƵ²¥·Å¼°ÏÂÔØ×é¼þ - {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - C:\Program Files (x86)\Funshion Online\Funshion\FunshionBHO.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files (x86)\Intuit\QuickBooks 2010 pro\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 C:\Program Files (x86)\YouKu\YoukuClient\ikutm.dll [283976] (youku.com)
Winsock: Catalog9 02 C:\Program Files (x86)\YouKu\YoukuClient\ikutm.dll [283976] (youku.com)
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 C:\Program Files (x86)\YouKu\YoukuClient\ikutm.dll [283976] (youku.com)
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 11 mswsock.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Tuffzone\AppData\Roaming\Mozilla\Firefox\Profiles\l5jln486.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com?pid=safeguard&sg=0&cid=%7B92ae5762-5bf9-4ded-afeb-e3c7e593d92f%7D&mid=63983a40fea747d086ed6aad0bdf2a27-7eff92202030490c983f8914fae418009c31645a&ds=AVG&coid=avgtbavg&v=17.0.0.12&lang=en&pr=pr&d=2013-10-22%2010%3A10%3A43&sap=hp
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files (x86)\trademanager\nptrademanager.dll ( )
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @qq.com/npqscall - C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF Plugin-x32: @qq.com/npqscall,version=1.0.0 - %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll No File
FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files (x86)\trademanager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
FF SearchPlugin: C:\Users\Tuffzone\AppData\Roaming\Mozilla\Firefox\Profiles\l5jln486.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12
FF HKCU\...\Firefox\Extensions: [{4E332EE3-C8AC-11E1-8270-B8AC6F996F26}] - C:\Users\Tuffzone\AppData\Local\{4E332EE3-C8AC-11E1-8270-B8AC6F996F26}\
FF Extension: Mozilla Safe Browsing - C:\Users\Tuffzone\AppData\Local\{4E332EE3-C8AC-11E1-8270-B8AC6F996F26}\

==================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
R2 FFSOpzSvc; C:\Program Files\Sleep Memory Optimizer\FFSService.exe [141192 2011-09-17] (Acer Incorporated)
R2 FunshionSvr; C:\Users\Tuffzone\funshion\funshiontools\FunshionSvr.dll [79496 2013-01-23] ()
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [291696 2012-03-26] (Microsoft Corporation)
R3 QuickBooksDB20; c:\PROGRA~2\Intuit\QUICKB~4\QBDBMgrN.exe [678912 2009-08-18] (Intuit, Inc.)
R2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-22] (AVG Secure Search)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
S3 CoordinatorServiceHost; "C:\Program Files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe" [x]
 



#8 fayaw

fayaw
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:48 PM

Posted 23 October 2013 - 12:22 PM

It's fairly long. I tried a few times but failed every try. I broke it down to shorter pieces.

 

PART 2

 

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-22] (AVG Technologies)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-23 12:03 - 2013-10-23 12:03 - 01955374 _____ (Farbar) C:\Users\Tuffzone\Downloads\FRST64.exe
2013-10-23 12:03 - 2013-10-23 12:03 - 00000000 ____D C:\FRST
2013-10-23 11:56 - 2013-10-23 11:56 - 00033895 _____ C:\Users\Tuffzone\Desktop\attach.txt
2013-10-23 11:56 - 2013-10-23 11:56 - 00023820 _____ C:\Users\Tuffzone\Desktop\dds.txt
2013-10-23 11:53 - 2013-10-23 11:53 - 00688992 ____R (Swearware) C:\Users\Tuffzone\Downloads\dds.scr
2013-10-23 11:08 - 2013-10-23 11:08 - 00000000 ___RD C:\Users\Tuffzone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-10-23 11:07 - 2013-10-23 11:08 - 00262144 _____ C:\Windows\Minidump\102313-57954-01.dmp
2013-10-23 10:53 - 2013-10-23 10:53 - 04745728 _____ (AVAST Software) C:\Users\Tuffzone\Downloads\aswMBR.exe
2013-10-23 09:05 - 2013-10-23 09:07 - 90813712 _____ (Microsoft Corporation) C:\Users\Tuffzone\Downloads\msert.exe
2013-10-22 20:23 - 2013-10-23 10:19 - 00000180 _____ C:\Windows\system32\avgrep.txt
2013-10-22 20:14 - 2013-10-22 20:15 - 00262144 _____ C:\Windows\Minidump\102213-38033-01.dmp
2013-10-22 14:08 - 2013-10-22 14:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-22 10:11 - 2013-10-22 10:14 - 00000000 ____D C:\Users\Tuffzone\AppData\Local\AVG SafeGuard toolbar
2013-10-22 10:11 - 2013-10-22 10:11 - 00000000 ____D C:\Users\Tuffzone\AppData\Roaming\AVG2014
2013-10-22 10:10 - 2013-10-22 10:10 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-10-22 10:10 - 2013-10-22 10:10 - 00003587 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-22 10:10 - 2013-10-22 10:10 - 00000972 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-22 10:10 - 2013-10-22 10:10 - 00000000 ____D C:\Users\Tuffzone\AppData\Roaming\TuneUp Software
2013-10-22 10:10 - 2013-10-22 10:10 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-10-22 10:10 - 2013-10-22 10:10 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-22 10:06 - 2013-10-22 11:19 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-22 10:06 - 2013-10-22 10:06 - 00000000 ___HD C:\$AVG
2013-10-22 09:31 - 2013-10-22 09:31 - 00000000 ____D C:\Users\Tuffzone\AppData\Roaming\AVAST Software
2013-10-22 09:13 - 2013-10-22 09:13 - 04436576 _____ (AVG Technologies) C:\Users\Tuffzone\Downloads\avg_free_stb_all_2014_4158_freebird.exe
2013-10-22 09:05 - 2013-10-22 09:07 - 85269544 _____ (AVAST Software) C:\Users\Tuffzone\Downloads\avast_free_antivirus_setup.exe
2013-10-22 07:34 - 2013-10-22 07:36 - 33692420 _____ (AVAST Software) C:\Users\Tuffzone\Downloads\avast_internet_security_setup(1).exe.part
2013-10-22 07:34 - 2013-10-22 07:34 - 00000000 _____ C:\Users\Tuffzone\Downloads\avast_internet_security_setup(1).exe
2013-10-22 05:52 - 2013-10-22 05:52 - 00000000 ____D C:\5839432b63844a4b9b
2013-10-22 05:49 - 2013-10-22 05:51 - 22205064 _____ (Microsoft Corporation) C:\Users\Tuffzone\Downloads\Windows-KB890830-x64-V5.5.exe
2013-10-22 05:44 - 2013-10-22 09:36 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-22 05:43 - 2013-10-22 05:48 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2013-10-22 05:25 - 2013-10-22 05:26 - 00262144 _____ C:\Windows\Minidump\102213-28126-01.dmp
2013-10-22 01:50 - 2013-10-22 01:50 - 33993180 _____ (AVAST Software) C:\Users\Tuffzone\Downloads\avast_internet_security_setup.exe.part
2013-10-22 01:50 - 2013-10-22 01:50 - 00000000 _____ C:\Users\Tuffzone\Downloads\avast_internet_security_setup.exe
2013-10-22 01:47 - 2013-10-22 01:47 - 00003240 _____ C:\Windows\System32\Tasks\{960B8C7F-3D6B-4C2B-AE78-1AE63AFECF7E}
2013-10-22 01:44 - 2013-10-22 10:16 - 00000000 ____D C:\Users\Tuffzone\AppData\Local\Avg2014
2013-10-22 01:44 - 2013-10-22 01:44 - 00000000 ____D C:\Users\Tuffzone\AppData\Local\MFAData
2013-10-22 01:43 - 2013-10-22 01:43 - 04436568 _____ (AVG Technologies) C:\Users\Tuffzone\Downloads\avg_free_stb_all_2014_4158_cnet.exe
2013-10-22 00:58 - 2013-10-22 00:58 - 00001738 _____ C:\Users\Tuffzone\Downloads\License_18187657(1).avastlic
2013-10-22 00:39 - 2013-10-22 00:40 - 00001738 _____ C:\Users\Tuffzone\Downloads\License_18187657.avastlic
2013-10-22 00:26 - 2013-10-22 00:26 - 00262144 _____ C:\Windows\Minidump\102213-27986-01.dmp
2013-10-22 00:06 - 2013-10-23 11:07 - 583175428 _____ C:\Windows\MEMORY.DMP
2013-10-22 00:06 - 2013-10-23 11:07 - 00000000 ____D C:\Windows\Minidump
2013-10-22 00:06 - 2013-10-22 00:07 - 00262144 _____ C:\Windows\Minidump\102213-29998-01.dmp
2013-10-21 22:35 - 2013-10-21 22:35 - 00003728 ____N C:\bootsqm.dat
2013-10-17 20:39 - 2013-10-17 20:39 - 00000000 ____D C:\Users\Tuffzone\Documents\LEGO Creations
2013-10-17 20:36 - 2013-10-17 20:36 - 00000000 ____D C:\Program Files (x86)\National Instruments
2013-10-17 20:36 - 2013-10-17 20:36 - 00000000 ____D C:\Program Files (x86)\LEGO Software
2013-10-17 20:36 - 2013-10-17 20:36 - 00000000 ____D C:\Program Files (x86)\IVI Foundation
2013-10-17 20:20 - 2013-10-22 03:55 - 00000000 ____D C:\ProgramData\National Instruments
2013-10-03 09:10 - 2013-10-03 09:10 - 00000000 ____D C:\Users\Public\Fundata
2013-09-26 09:44 - 2013-09-26 09:44 - 00057144 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgfwd6a.sys
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys

==================== One Month Modified Files and Folders =======

2013-10-23 12:03 - 2013-10-23 12:03 - 01955374 _____ (Farbar) C:\Users\Tuffzone\Downloads\FRST64.exe
2013-10-23 12:03 - 2013-10-23 12:03 - 00000000 ____D C:\FRST
2013-10-23 11:56 - 2013-10-23 11:56 - 00033895 _____ C:\Users\Tuffzone\Desktop\attach.txt
2013-10-23 11:56 - 2013-10-23 11:56 - 00023820 _____ C:\Users\Tuffzone\Desktop\dds.txt
2013-10-23 11:53 - 2013-10-23 11:53 - 00688992 ____R (Swearware) C:\Users\Tuffzone\Downloads\dds.scr
2013-10-23 11:51 - 2013-02-16 09:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-23 11:39 - 2012-07-07 21:35 - 00000000 ____D C:\ProgramData\MFAData
2013-10-23 11:35 - 2012-03-15 15:30 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-23 11:23 - 2009-07-14 00:45 - 00025248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-23 11:23 - 2009-07-14 00:45 - 00025248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-23 11:08 - 2013-10-23 11:08 - 00000000 ___RD C:\Users\Tuffzone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-10-23 11:08 - 2013-10-23 11:07 - 00262144 _____ C:\Windows\Minidump\102313-57954-01.dmp
2013-10-23 11:08 - 2013-03-05 15:00 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-23 11:08 - 2013-01-06 01:32 - 00000000 ____D C:\Program Files (x86)\trademanager
2013-10-23 11:08 - 2012-03-15 15:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-23 11:08 - 2012-02-20 09:46 - 00000000 ____D C:\Users\Tuffzone\Documents\Tencent Files
2013-10-23 11:08 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-23 11:08 - 2009-07-14 00:51 - 00097330 _____ C:\Windows\setupact.log
2013-10-23 11:07 - 2013-10-22 00:06 - 583175428 _____ C:\Windows\MEMORY.DMP
2013-10-23 11:07 - 2013-10-22 00:06 - 00000000 ____D C:\Windows\Minidump
2013-10-23 10:53 - 2013-10-23 10:53 - 04745728 _____ (AVAST Software) C:\Users\Tuffzone\Downloads\aswMBR.exe
2013-10-23 10:19 - 2013-10-22 20:23 - 00000180 _____ C:\Windows\system32\avgrep.txt
2013-10-23 09:07 - 2013-10-23 09:05 - 90813712 _____ (Microsoft Corporation) C:\Users\Tuffzone\Downloads\msert.exe
2013-10-23 08:47 - 2009-07-14 01:08 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-23 08:44 - 2012-02-13 11:15 - 00000000 ____D C:\Users\Tuffzone\AppData\Roaming\Skype
2013-10-22 20:15 - 2013-10-22 20:14 - 00262144 _____ C:\Windows\Minidump\102213-38033-01.dmp
2013-10-22 19:16 - 2011-10-26 23:08 - 01887649 _____ C:\Windows\WindowsUpdate.log
2013-10-22 19:15 - 2012-02-07 05:52 - 00000000 ____D C:\Users\Tuffzone\AppData\Local\CrashDumps
2013-10-22 16:02 - 2012-05-09 17:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-22 15:32 - 2013-01-23 23:04 - 00002512 _____ C:\Users\Tuffzone\funshion.ini
2013-10-22 14:08 - 2013-10-22 14:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-22 11:19 - 2013-10-22 10:06 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-22 10:16 - 2013-10-22 01:44 - 00000000 ____D C:\Users\Tuffzone\AppData\Local\Avg2014
2013-10-22 10:14 - 2013-10-22 10:11 - 00000000 ____D C:\Users\Tuffzone\AppData\Local\AVG SafeGuard toolbar
2013-10-22 10:11 - 2013-10-22 10:11 - 00000000 ____D C:\Users\Tuffzone\AppData\Roaming\AVG2014
2013-10-22 10:11 - 2012-07-07 21:47 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-22 10:10 - 2013-10-22 10:10 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-10-22 10:10 - 2013-10-22 10:10 - 00003587 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-22 10:10 - 2013-10-22 10:10 - 00000972 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-22 10:10 - 2013-10-22 10:10 - 00000000 ____D C:\Users\Tuffzone\AppData\Roaming\TuneUp Software
2013-10-22 10:10 - 2013-10-22 10:10 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-10-22 10:10 - 2013-10-22 10:10 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-22 10:06 - 2013-10-22 10:06 - 00000000 ___HD C:\$AVG
2013-10-22 10:05 - 2012-07-07 21:43 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-22 09:49 - 2012-07-08 22:39 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-22 09:49 - 2010-11-20 23:47 - 00934266 _____ C:\Windows\PFRO.log
2013-10-22 09:36 - 2013-10-22 05:44 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-22 09:31 - 2013-10-22 09:31 - 00000000 ____D C:\Users\Tuffzone\AppData\Roaming\AVAST Software
2013-10-22 09:30 - 2012-07-08 22:41 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-22 09:30 - 2012-03-15 15:30 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-22 09:30 - 2012-03-15 15:30 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-22 09:28 - 2012-02-11 13:24 - 00000000 ____D C:\Users\QBDataServiceUser20
2013-10-22 09:13 - 2013-10-22 09:13 - 04436576 _____ (AVG Technologies) C:\Users\Tuffzone\Downloads\avg_free_stb_all_2014_4158_freebird.exe
2013-10-22 09:07 - 2013-10-22 09:05 - 85269544 _____ (AVAST Software) C:\Users\Tuffzone\Downloads\avast_free_antivirus_setup.exe
2013-10-22 07:36 - 2013-10-22 07:34 - 33692420 _____ (AVAST Software) C:\Users\Tuffzone\Downloads\avast_internet_security_setup(1).exe.part
2013-10-22 07:34 - 2013-10-22 07:34 - 00000000 _____ C:\Users\Tuffzone\Downloads\avast_internet_security_setup(1).exe
2013-10-22 07:34 - 2013-02-16 09:48 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-22 07:34 - 2012-04-30 09:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-22 07:34 - 2011-09-29 20:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-22 05:52 - 2013-10-22 05:52 - 00000000 ____D C:\5839432b63844a4b9b
2013-10-22 05:51 - 2013-10-22 05:49 - 22205064 _____ (Microsoft Corporation) C:\Users\Tuffzone\Downloads\Windows-KB890830-x64-V5.5.exe
2013-10-22 05:48 - 2013-10-22 05:43 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2013-10-22 05:43 - 2012-07-08 22:41 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-22 05:26 - 2013-10-22 05:25 - 00262144 _____ C:\Windows\Minidump\102213-28126-01.dmp
2013-10-22 05:26 - 2012-02-06 09:06 - 00000000 ____D C:\Users\Tuffzone
2013-10-22 04:15 - 2012-02-06 09:05 - 00000000 __SHD C:\Recovery
2013-10-22 04:04 - 2013-03-08 08:19 - 00000000 ____D C:\Users\Tuffzone\funshion
2013-10-22 04:04 - 2012-03-15 15:30 - 00000000 ____D C:\Program Files\Common Files\WebM Project
2013-10-22 04:04 - 2012-03-10 00:32 - 00000000 ____D C:\Windows\system32\Macromed
2013-10-22 04:04 - 2012-02-10 17:36 - 00000000 ____D C:\Users\Tuffzone\AppData\Roaming\PDF Writer
2013-10-22 04:04 - 2012-02-08 15:05 - 00000000 ____D C:\ProgramData\SQL Anywhere 11
2013-10-22 04:04 - 2012-02-06 22:01 - 00000000 ____D C:\Users\Tuffzone\AppData\Local\Microsoft Help
2013-10-22 04:04 - 2012-02-06 09:07 - 00000000 ____D C:\Users\Tuffzone\AppData\Local\PowerCinema
2013-10-22 04:04 - 2011-09-29 20:24 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-10-22 04:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sysprep
2013-10-22 04:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-22 04:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-10-22 04:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-10-22 04:02 - 2012-03-10 00:24 - 00000000 ____D C:\Users\Tuffzone\AppData\Local\Mozilla
2013-10-22 04:02 - 2012-03-04 13:07 - 00000000 ___RD C:\Share_Folder
2013-10-22 04:01 - 2013-03-08 08:19 - 00000000 ____D C:\Program Files (x86)\Funshion Online
2013-10-22 04:01 - 2012-02-09 19:41 - 00000000 ____D C:\02-MyStuff
2013-10-22 03:55 - 2013-10-17 20:20 - 00000000 ____D C:\ProgramData\National Instruments
2013-10-22 01:50 - 2013-10-22 01:50 - 33993180 _____ (AVAST Software) C:\Users\Tuffzone\Downloads\avast_internet_security_setup.exe.part
2013-10-22 01:50 - 2013-10-22 01:50 - 00000000 _____ C:\Users\Tuffzone\Downloads\avast_internet_security_setup.exe
2013-10-22 01:47 - 2013-10-22 01:47 - 00003240 _____ C:\Windows\System32\Tasks\{960B8C7F-3D6B-4C2B-AE78-1AE63AFECF7E}
2013-10-22 01:44 - 2013-10-22 01:44 - 00000000 ____D C:\Users\Tuffzone\AppData\Local\MFAData
2013-10-22 01:43 - 2013-10-22 01:43 - 04436568 _____ (AVG Technologies) C:\Users\Tuffzone\Downloads\avg_free_stb_all_2014_4158_cnet.exe
2013-10-22 00:58 - 2013-10-22 00:58 - 00001738 _____ C:\Users\Tuffzone\Downloads\License_18187657(1).avastlic
2013-10-22 00:40 - 2013-10-22 00:39 - 00001738 _____ C:\Users\Tuffzone\Downloads\License_18187657.avastlic
2013-10-22 00:26 - 2013-10-22 00:26 - 00262144 _____ C:\Windows\Minidump\102213-27986-01.dmp
2013-10-22 00:07 - 2013-10-22 00:06 - 00262144 _____ C:\Windows\Minidump\102213-29998-01.dmp
2013-10-21 22:35 - 2013-10-21 22:35 - 00003728 ____N C:\bootsqm.dat
2013-10-17 20:39 - 2013-10-17 20:39 - 00000000 ____D C:\Users\Tuffzone\Documents\LEGO Creations
2013-10-17 20:36 - 2013-10-17 20:36 - 00000000 ____D C:\Program Files (x86)\National Instruments
2013-10-17 20:36 - 2013-10-17 20:36 - 00000000 ____D C:\Program Files (x86)\LEGO Software
2013-10-17 20:36 - 2013-10-17 20:36 - 00000000 ____D C:\Program Files (x86)\IVI Foundation
2013-10-14 13:41 - 2012-07-08 22:41 - 00131232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys
2013-10-05 09:30 - 2012-07-15 11:12 - 00000000 ____D C:\Users\Tuffzone\Documents\Bluetooth Folder
2013-10-03 09:10 - 2013-10-03 09:10 - 00000000 ____D C:\Users\Public\Fundata
2013-09-26 09:44 - 2013-09-26 09:44 - 00057144 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgfwd6a.sys
2013-09-26 01:46 - 2011-09-29 21:38 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys

ZeroAccess:
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\@
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\00000008.@
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz100.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1000.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1006.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz101.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1012.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1013.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1014.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1015.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1016.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1017.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1018.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1019.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz101A.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1020.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1027.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1028.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1029.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz102A.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz102B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz102C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz102F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1030.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1031.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1032.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1035.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1036.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1037.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1038.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1039.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz103B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1040.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1043.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1044.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1045.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz104C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1052.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1053.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1054.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1055.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz105B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz105C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz105D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz105E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz105F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1060.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1062.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1063.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1066.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1079.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz107A.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz107B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz107C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1084.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz108A.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz108B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz108D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz108E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1090.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1095.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1096.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1097.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1098.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz109B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz109D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz109E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10A4.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10A5.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10AB.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10AC.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10AD.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10B1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10B2.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10B3.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10B7.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10B8.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10B9.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10BA.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10C1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10C6.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10C7.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10C8.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10CB.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10CC.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10CD.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10CE.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10CF.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10D7.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10D9.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10DA.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10DC.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10E0.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10E1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10E2.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10E8.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10EE.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10EF.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz10F9.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1100.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1101.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1103.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1106.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1107.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1109.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz110B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz110C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz110E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz110F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1110.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1111.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1112.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1114.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1115.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1116.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz111E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1124.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1132.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1134.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1135.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1136.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1137.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1138.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1139.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz113B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz113C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz113D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz113E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz113F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1141.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1142.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1148.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1149.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz114C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz114D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz114E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz114F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz115.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1150.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1151.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1152.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1153.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1154.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1157.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1158.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1159.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz115C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz115D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1161.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1162.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1163.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1164.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1165.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1166.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1167.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1169.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz116D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz116E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz116F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz117.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1171.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1172.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1173.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1178.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1179.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz117E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1186.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz118D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz119.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1190.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1194.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1195.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1196.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz119D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz119E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz119F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11A.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11A1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11A2.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11A3.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11A4.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11A6.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11A9.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11AF.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11B0.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11B1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11B4.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11B5.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11B6.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11BA.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11BC.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11BD.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11BF.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11C6.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11C7.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11CE.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11D1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11D3.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11D4.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11D5.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11D9.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11DA.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11DB.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11DD.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11E0.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11E1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11E2.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11E3.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11E4.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11E5.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11E6.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11E8.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11EB.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11EC.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11ED.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11EE.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11EF.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11F0.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11F1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11F2.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11F3.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11F5.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11F6.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11FA.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11FC.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz11FD.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1201.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1202.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1203.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1204.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1205.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1206.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1209.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz120A.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz120B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz120C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz120D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1210.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1213.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz121A.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz121F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1220.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1222.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1224.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1225.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1226.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1227.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1228.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1229.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1231.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1233.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1236.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz123B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1240.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1241.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1242.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1243.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1246.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1247.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz124A.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz124C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz124E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz124F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1250.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1251.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1257.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz125C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz125F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz126.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1267.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1269.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz126B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz126C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz126F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1273.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1278.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1279.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz127C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1281.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1289.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz128E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz128F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz129.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1291.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1292.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1293.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1294.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1297.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz129A.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz129D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz129F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12A4.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12A9.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12AC.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12AF.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12B0.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12B2.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12B6.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12B7.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12B9.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12BF.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12C0.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12C1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12C2.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12C3.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12C4.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12C9.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12CA.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12CD.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12CF.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12D0.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12D1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12D7.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12D9.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12DE.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12E4.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12E7.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12E8.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12E9.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12EC.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12ED.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12EF.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12F0.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12F1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12F2.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12F4.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12F5.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12FB.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12FC.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12FD.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12FE.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz12FF.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1301.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1306.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1307.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1308.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1309.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz130E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz131B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz131F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1322.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1323.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1325.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1327.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1328.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1329.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz132B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz132D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1333.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz133C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz133E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1341.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1346.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1347.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz134C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz134D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1351.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1352.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1353.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1354.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1358.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz135C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz135F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1360.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1362.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1363.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1364.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1365.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1367.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1369.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz136A.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz136C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz136E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz136F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1371.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1372.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1373.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1376.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1377.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1378.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1383.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1384.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz138A.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz139.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1392.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1394.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1397.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1398.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1399.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz139A.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz139B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13A0.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13A1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13A4.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13A8.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13AA.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13AB.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13AC.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13AE.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13AF.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13B0.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13B3.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13B7.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13BB.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13BE.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13C0.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13C1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13C2.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13C4.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13C5.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13CE.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13D4.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13D7.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13D8.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13D9.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13DE.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13E2.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13E3.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13E4.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13E5.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13E6.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13E7.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13E8.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13F0.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13F3.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13F4.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz13FE.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1402.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1403.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1404.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1406.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1407.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz140A.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz140B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz140D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz140E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1410.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1411.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1416.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1417.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1418.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1419.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz141B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz142.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1422.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1424.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz142E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz142F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1437.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1439.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1441.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1443.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1444.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz144A.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1450.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1452.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1455.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz145F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz146.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1460.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1461.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1462.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1463.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1465.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz146D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz146E.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz147.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1471.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1472.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz148.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1481.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1484.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1486.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1487.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1488.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz148A.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz148C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz148D.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz148F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz149.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1491.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1492.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14A.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14A2.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14A3.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14A4.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14A5.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14A6.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14A8.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14A9.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14AD.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14B.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14B0.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14B1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14B2.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14BB.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14BC.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14BF.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14C.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14C0.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14C1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14C2.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14C4.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14C5.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14C6.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14C7.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14C8.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14CA.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14D1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14D2.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14D5.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14DB.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14DC.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14E1.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14E2.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14EC.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14F.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14F2.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14F3.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14F5.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14F6.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14F7.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14F8.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14FC.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz14FD.tmp
C:\Windows\Installer\{323bf096-d0c5-cb98-8dc0-06439c32b297}\U\trz1502.tmp


Please let me know if you want me to continue. It's long :(



#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:01:48 AM

Posted 23 October 2013 - 12:34 PM

Hi,

 

Please upload the file here and post the lino to the file in your next reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#10 fayaw

fayaw
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:48 PM

Posted 23 October 2013 - 04:34 PM

please see link below
 
https://www.dropbox.com/s/duyk5m7zllal78d/FRST.txt
 
 
filedropper does not work well. I had hard time to upload and get the share link. The server was busy or something.



#11 fayaw

fayaw
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:48 PM

Posted 23 October 2013 - 04:37 PM

File attached for  your review.



#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:01:48 AM

Posted 23 October 2013 - 06:01 PM

Hi,

 

You forgot to attach the Addition.txt.

Also from the log I noticed that you use a tons of security applications like avast!, AVG, Tencent etc and this is not recommended:

 

I do not recommend that you have more than one anti virus product installed and running on your computer at a time.  The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".  It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove both of the security applications except one of your choice.

 

 

 

Please click Start Menu > All Programs > Accessories, right click on Command Prompt and select "Run as administrator".

Copy/paste the following text at the command prompt and press enter after each line:

sfc.exe /scanfile=c:\windows\system32\services.exe

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

A txt file named sfcdetails.txt should appear on the desktop.

Upload it here and post the link to the log in your next reply.

Reboot the computer in order the changes to take effect

 

 

 

Next please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

Regards,

Georgi


cXfZ4wS.png


#13 fayaw

fayaw
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:48 PM

Posted 23 October 2013 - 08:00 PM

Thank you Georgi. I used to purchase AVAST annual plan for my primary computer protetion. This year I forgot to renew and the computer ended up with virus infection. I renewed my Avast plan but was not able to insert the license key anymore. Computer simply shut down with every try. So I shopped around and decided to go with AVG free edition. That's some background story.

 

I did try to attach the file last time. Don't know why it didn't go through. Hopefully you can see the attachment this time.

Attached Files



#14 fayaw

fayaw
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:48 PM

Posted 23 October 2013 - 08:30 PM

I tried this, sfc.exe /scanfile=c:\windows\system32\services.exe, it says file repaired or something. I reboot the computer and that annoying virus infection message didn't show up!!! I scanned the folder that had threats before, it came out clean!!! I'm so thankful, you and your magic, Georgi. I'm not sure everything is ok yet but at least I see a good sign after so many fruitless efforts.



#15 fayaw

fayaw
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:48 PM

Posted 23 October 2013 - 08:34 PM

Doing the whole computer scanning with AVG right now, 53% done up to now, ZERO threat!!! 

 

I'm singing in the rain~~~singing in the rain~~~What a glorious feelin'  I'm happy again~~~  :bounce:






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users