Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Conduit Spyware: Pop ups


  • This topic is locked This topic is locked
9 replies to this topic

#1 jjssj1

jjssj1

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 17 March 2014 - 03:50 AM

 Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 08:47:48, on 17/03/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
 
FIREFOX: 27.0.1 (en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Zend\Apache2\bin\ApacheMonitor.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Users\s\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Apache Web Server Monitor.lnk = C:\Program Files (x86)\Zend\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://E:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 8946 bytes
 


BC AdBot (Login to Remove)

 


m

#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:47 AM

Posted 17 March 2014 - 07:14 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 jjssj1

jjssj1
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 20 March 2014 - 10:02 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by s (administrator) on S-PC on 20-03-2014 14:59:53
Running from E:\Downloads(1tb)
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(AMD) C:\Windows\system32\atieclxx.exe
(Malwarebytes Corporation) e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes Corporation) e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apache Software Foundation) C:\Program Files (x86)\Zend\Apache2\bin\ApacheMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Microsoft Corporation) E:\Program Files\Microsoft Office\Office15\MsoSync.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\mcupdmgr.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\PROGRA~2\WS_X64~1.BOO => C:\Program Files (x86)\WS_x64.Booster [4383232 2014-03-04] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=aw_14_10_CH&cd=2XzuyEtN2Y1L1Qzu0AtD0FtA0CtCtB0ByD0A0AtC0FyByDyBtN0D0Tzu0SyBzyzztN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtAtDyB0EyBtAyCtGzytDtAyBtGyDyDzy0FtGtA0DzzzytGtB0AyE0EyEtB0C0DyCtD0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzytB0CyCyEtCtAtGyC0CtAzztGyD0EtByBtGtBzz0EtDtGyEyD0BtA0A0AyDzyyE0EyDzy2Q&cr=379833679&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x51D9B3EBA8FDCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=aw_14_10_CH&cd=2XzuyEtN2Y1L1Qzu0AtD0FtA0CtCtB0ByD0A0AtC0FyByDyBtN0D0Tzu0SyBzyzztN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtAtDyB0EyBtAyCtGzytDtAyBtGyDyDzy0FtGtA0DzzzytGtB0AyE0EyEtB0C0DyCtD0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzytB0CyCyEtCtAtGyC0CtAzztGyD0EtByBtGtBzz0EtDtGyEyD0BtA0A0AyDzyyE0EyDzy2Q&cr=379833679&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=aw_14_10_CH&cd=2XzuyEtN2Y1L1Qzu0AtD0FtA0CtCtB0ByD0A0AtC0FyByDyBtN0D0Tzu0SyBzyzztN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtAtDyB0EyBtAyCtGzytDtAyBtGyDyDzy0FtGtA0DzzzytGtB0AyE0EyEtB0C0DyCtD0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzytB0CyCyEtCtAtGyC0CtAzztGyD0EtByBtGtBzz0EtDtGyEyD0BtA0A0AyDzyyE0EyDzy2Q&cr=379833679&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=aw_14_10_CH&cd=2XzuyEtN2Y1L1Qzu0AtD0FtA0CtCtB0ByD0A0AtC0FyByDyBtN0D0Tzu0SyBzyzztN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtAtDyB0EyBtAyCtGzytDtAyBtGyDyDzy0FtGtA0DzzzytGtB0AyE0EyEtB0C0DyCtD0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzytB0CyCyEtCtAtGyC0CtAzztGyD0EtByBtGtBzz0EtDtGyEyD0BtA0A0AyDzyyE0EyDzy2Q&cr=379833679&ir=
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3324774&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP85E2C1A5-E53E-49FE-9BCD-A6DB616FF74A&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=aw_14_10_CH&cd=2XzuyEtN2Y1L1Qzu0AtD0FtA0CtCtB0ByD0A0AtC0FyByDyBtN0D0Tzu0SyBzyzztN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtAtDyB0EyBtAyCtGzytDtAyBtGyDyDzy0FtGtA0DzzzytGtB0AyE0EyEtB0C0DyCtD0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzytB0CyCyEtCtAtGyC0CtAzztGyD0EtByBtGtBzz0EtDtGyEyD0BtA0A0AyDzyyE0EyDzy2Q&cr=379833679&ir=
SearchScopes: HKCU - {A8CD774A-A2D8-4C3B-825D-9250DA81BCD2} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0AtD0FtA0CtCtB0ByD0A0AtC0FyByDyBtN0D0Tzu0SyByEyDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1399583250&ir=
BHO: websave - {2FFA483C-D01F-F2C3-7F3E-24CC96F1BC73} - C:\Program Files (x86)\websave\kpALb3gPNF.x64.dll ()
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - E:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: webssave - {E95B1D84-E865-23F8-2CDB-7EA16E82D093} - C:\Program Files (x86)\webssave\R8lit.x64.dll No File
BHO: YoutubeAdblocker - {F40F1993-A7E9-5A59-B5D9-AF6B5A56AC48} - C:\Program Files (x86)\YoutubeAdblocker\NrHp.x64.dll ()
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\2m72z9f9.default
FF user.js: detected! => C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\2m72z9f9.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 - E:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\s\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\2m72z9f9.default\searchplugins\conduit-search.xml
FF Extension: YoutubeAdblocker - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\2m72z9f9.default\Extensions\k8siieu@cx-.com [2014-03-04]
FF Extension: websave - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\2m72z9f9.default\Extensions\woogv1hfer@mojhkdocye.net [2014-03-04]
FF Extension: webssave - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\2m72z9f9.default\Extensions\y.o@ayecuvi-.edu [2014-03-04]
FF Extension: weebSave - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\2m72z9f9.default\Extensions\yyogovk@swken.net [2014-03-04]
FF Extension: EPUBReader - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\2m72z9f9.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-01-28]
FF Extension: FireFTP - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\2m72z9f9.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013-05-31]
FF Extension: MySearchDial - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\2m72z9f9.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-03-17]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-02-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-02-03]
FF StartMenuInternet: FIREFOX.EXE - E:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: http://uk.search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (McAfee Security Scan+) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-21]
CHR Extension: (SiteAdvisor) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-08-10]
CHR Extension: (webssave) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchgmmgcppmlhkpgigibelpfilcglbkn [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (MySearchDial) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2014-01-14]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\s\AppData\Local\mysearchdial-speeddial.crx [2014-01-14]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\s\AppData\Local\mysearchdial-speeddial.crx [2014-01-14]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\s\AppData\Local\mysearchdial-speeddial.crx [2014-01-14]

==================== Services (Whitelisted) =================

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-01] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-07-01] (Duplex Secure Ltd.)
S3 WinRing0_1_2_0; E:\Downloads(1tb)\RealTemp_370\WinRing0x64.sys [14544 2013-06-22] (OpenLibSys.org)
U3 akbfvwyo; C:\Windows\System32\Drivers\akbfvwyo.sys [0 ] (Advanced Micro Devices)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-20 14:59 - 2014-03-20 14:59 - 00000000 ____D () C:\FRST
2014-03-17 08:55 - 2014-03-17 08:55 - 00000000 ____D () C:\Users\s\Desktop\Jatinder
2014-03-17 08:51 - 2014-03-17 08:51 - 00000026 _____ () C:\Users\s\Desktop\Bleeping computer password.txt
2014-03-17 08:47 - 2014-03-17 08:47 - 00008947 _____ () C:\Users\s\Downloads\hijackthis.log
2014-03-17 08:46 - 2014-03-20 14:53 - 00000280 _____ () C:\Windows\setupact.log
2014-03-17 08:46 - 2014-03-20 09:52 - 00000980 _____ () C:\Windows\PFRO.log
2014-03-17 08:46 - 2014-03-17 08:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-17 08:43 - 2014-03-17 08:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\s\Downloads\HijackThis.exe
2014-03-17 08:37 - 2014-03-17 08:37 - 00000909 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-03-17 08:37 - 2014-03-17 08:37 - 00000000 ____D () C:\Users\s\AppData\Local\VS Revo Group
2014-03-17 08:37 - 2014-03-17 08:37 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-03-17 08:37 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-03-17 08:30 - 2014-03-17 08:30 - 00002764 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-17 08:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 20:31 - 2014-03-12 20:31 - 00000000 ____D () C:\ProgramData\vsosdk
2014-03-12 20:27 - 2014-03-12 20:27 - 00000000 ____D () C:\Users\s\AppData\Roaming\295
2014-03-12 20:26 - 2014-03-12 20:26 - 01574206 _____ () C:\Users\s\Downloads\a-user-guide-of-dvdfab9.zip
2014-03-12 20:26 - 2014-03-12 20:26 - 00000000 ____D () C:\Users\s\Downloads\a-user-guide-of-dvdfab9
2014-03-12 20:13 - 2014-03-12 20:13 - 00000000 ____D () C:\Users\s\AppData\Roaming\31116
2014-03-12 20:12 - 2014-03-12 20:22 - 00001007 _____ () C:\Users\Public\Desktop\DVDFab 9.lnk
2014-03-12 20:12 - 2014-03-12 20:22 - 00000000 ____D () C:\Users\s\AppData\Roaming\DVDFab9
2014-03-12 20:12 - 2014-03-12 20:12 - 00000000 ____D () C:\Users\s\Documents\DVDFab9
2014-03-12 20:11 - 2014-03-12 20:38 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9
2014-03-12 20:10 - 2014-03-12 20:10 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-08 14:07 - 2014-03-08 14:07 - 00000000 ____D () C:\Users\s\AppData\Roaming\mysearchdial
2014-03-08 14:07 - 2014-03-08 14:07 - 00000000 ____D () C:\Program Files (x86)\Mysearchdial
2014-03-08 14:06 - 2014-03-08 14:06 - 00643176 _____ ( ) C:\Users\s\Downloads\minecraft.exe
2014-03-08 14:06 - 2014-03-08 14:06 - 00643176 _____ ( ) C:\Users\s\Downloads\minecraft (2).exe
2014-03-08 14:06 - 2014-03-08 14:06 - 00643176 _____ ( ) C:\Users\s\Downloads\minecraft (1).exe
2014-03-08 14:06 - 2014-03-08 14:06 - 00001093 _____ () C:\Users\s\Desktop\Continue Download &amp; Install Installation.lnk
2014-03-04 17:00 - 2014-03-04 17:00 - 13424092 _____ () C:\Users\s\Desktop\Jatinder(1).zip
2014-03-04 17:00 - 2014-03-04 17:00 - 00000000 ____D () C:\Users\s\Desktop\Jatinder(1)
2014-03-04 16:32 - 2014-03-05 07:25 - 00000000 ____D () C:\Users\s\Desktop\KMSpc_9.2.3_Final
2014-03-04 16:31 - 2014-03-04 16:31 - 02893912 _____ () C:\Users\s\Desktop\KMSpc_9.2.3_Final.rar
2014-03-04 16:27 - 2014-03-04 16:27 - 04383232 _____ () C:\Program Files (x86)\WS_x64.Booster
2014-03-04 16:27 - 2014-03-04 16:27 - 00175952 _____ () C:\Program Files (x86)\WSSvc.dll
2014-03-04 16:25 - 2014-03-04 16:27 - 00000000 ____D () C:\ProgramData\Right Soft
2014-03-04 16:23 - 2014-03-05 15:31 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-03-04 16:23 - 2014-03-04 16:31 - 00000000 ____D () C:\ProgramData\88dcea01fba222c7
2014-03-04 16:23 - 2014-03-04 16:26 - 00000000 ____D () C:\ProgramData\weBsavE
2014-03-04 16:23 - 2014-03-04 16:26 - 00000000 ____D () C:\Program Files (x86)\weBsavE
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\ZendUser\AppData\Local\Torch
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\ZendUser\AppData\Local\Google
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\ZendUser\AppData\Local\Comodo
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\s\AppData\Local\Torch
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\s\AppData\Local\Packages
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\s\AppData\Local\Comodo
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\Guest
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\Administrator
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
2014-03-04 16:22 - 2014-03-04 16:31 - 00000000 ____D () C:\ProgramData\InstallMate
2014-03-04 16:22 - 2014-03-04 16:22 - 00340152 _____ (Right Soft) C:\Users\s\Downloads\KMSpc_9.2.3_Final.rar (3).exe
2014-03-04 16:21 - 2014-03-04 16:22 - 00340160 _____ (Right Soft) C:\Users\s\Downloads\KMSpc_9.2.3_Final.rar (2).exe
2014-03-04 16:21 - 2014-03-04 16:21 - 00340176 _____ (Right Soft) C:\Users\s\Downloads\KMSpc_9.2.3_Final.rar.exe
2014-03-04 16:21 - 2014-03-04 16:21 - 00340160 _____ (Right Soft) C:\Users\s\Downloads\KMSpc_9.2.3_Final.rar (1).exe
2014-03-04 16:16 - 2014-03-04 16:32 - 00003696 _____ () C:\Windows\System32\Tasks\AutoPico Daily Restart
2014-02-28 10:30 - 2014-03-17 08:25 - 00000000 ____D () C:\Windows\pss

==================== One Month Modified Files and Folders =======

2014-03-20 14:59 - 2014-03-20 14:59 - 00000000 ____D () C:\FRST
2014-03-20 14:59 - 2013-08-07 20:55 - 00000000 __RSD () C:\Users\s\Documents\McAfee Vaults
2014-03-20 14:57 - 2009-07-14 05:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-20 14:56 - 2013-05-24 02:53 - 01611727 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 14:54 - 2013-07-02 12:06 - 00004926 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for s-PC-s s-PC
2014-03-20 14:53 - 2014-03-17 08:46 - 00000280 _____ () C:\Windows\setupact.log
2014-03-20 14:53 - 2013-05-31 14:56 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-20 14:53 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 09:52 - 2014-03-17 08:46 - 00000980 _____ () C:\Windows\PFRO.log
2014-03-20 09:52 - 2013-05-31 14:56 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-19 09:50 - 2014-01-14 14:50 - 00000276 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-19 09:48 - 2014-02-03 15:26 - 00001856 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-03-17 13:08 - 2013-10-16 14:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-17 08:55 - 2014-03-17 08:55 - 00000000 ____D () C:\Users\s\Desktop\Jatinder
2014-03-17 08:51 - 2014-03-17 08:51 - 00000026 _____ () C:\Users\s\Desktop\Bleeping computer password.txt
2014-03-17 08:47 - 2014-03-17 08:47 - 00008947 _____ () C:\Users\s\Downloads\hijackthis.log
2014-03-17 08:46 - 2014-03-17 08:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-17 08:43 - 2014-03-17 08:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\s\Downloads\HijackThis.exe
2014-03-17 08:37 - 2014-03-17 08:37 - 00000909 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-03-17 08:37 - 2014-03-17 08:37 - 00000000 ____D () C:\Users\s\AppData\Local\VS Revo Group
2014-03-17 08:37 - 2014-03-17 08:37 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-03-17 08:31 - 2013-07-30 19:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-17 08:31 - 2013-07-01 13:21 - 00000000 ____D () C:\Users\s\AppData\Roaming\uTorrent
2014-03-17 08:30 - 2014-03-17 08:30 - 00002764 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-17 08:30 - 2013-10-28 09:07 - 00000000 ____D () C:\Windows\Minidump
2014-03-17 08:30 - 2013-05-25 06:40 - 00000000 ____D () C:\Windows\Panther
2014-03-17 08:25 - 2014-02-28 10:30 - 00000000 ____D () C:\Windows\pss
2014-03-17 08:25 - 2013-05-24 02:52 - 00000000 ___RD () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 17:33 - 2013-12-26 10:38 - 00000000 ____D () C:\Users\s\Documents\FIFA 14
2014-03-16 16:52 - 2013-11-01 18:07 - 00000000 ____D () C:\ProgramData\Origin
2014-03-16 16:52 - 2013-11-01 18:07 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-15 19:26 - 2013-05-31 14:57 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 09:42 - 2009-07-14 04:45 - 00026336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-14 09:42 - 2009-07-14 04:45 - 00026336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-12 20:38 - 2014-03-12 20:11 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9
2014-03-12 20:31 - 2014-03-12 20:31 - 00000000 ____D () C:\ProgramData\vsosdk
2014-03-12 20:27 - 2014-03-12 20:27 - 00000000 ____D () C:\Users\s\AppData\Roaming\295
2014-03-12 20:26 - 2014-03-12 20:26 - 01574206 _____ () C:\Users\s\Downloads\a-user-guide-of-dvdfab9.zip
2014-03-12 20:26 - 2014-03-12 20:26 - 00000000 ____D () C:\Users\s\Downloads\a-user-guide-of-dvdfab9
2014-03-12 20:22 - 2014-03-12 20:12 - 00001007 _____ () C:\Users\Public\Desktop\DVDFab 9.lnk
2014-03-12 20:22 - 2014-03-12 20:12 - 00000000 ____D () C:\Users\s\AppData\Roaming\DVDFab9
2014-03-12 20:13 - 2014-03-12 20:13 - 00000000 ____D () C:\Users\s\AppData\Roaming\31116
2014-03-12 20:12 - 2014-03-12 20:12 - 00000000 ____D () C:\Users\s\Documents\DVDFab9
2014-03-12 20:10 - 2014-03-12 20:10 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-12 17:35 - 2013-10-16 14:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 17:35 - 2013-05-24 17:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 17:35 - 2013-05-24 17:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-08 14:07 - 2014-03-08 14:07 - 00000000 ____D () C:\Users\s\AppData\Roaming\mysearchdial
2014-03-08 14:07 - 2014-03-08 14:07 - 00000000 ____D () C:\Program Files (x86)\Mysearchdial
2014-03-08 14:06 - 2014-03-08 14:06 - 00643176 _____ ( ) C:\Users\s\Downloads\minecraft.exe
2014-03-08 14:06 - 2014-03-08 14:06 - 00643176 _____ ( ) C:\Users\s\Downloads\minecraft (2).exe
2014-03-08 14:06 - 2014-03-08 14:06 - 00643176 _____ ( ) C:\Users\s\Downloads\minecraft (1).exe
2014-03-08 14:06 - 2014-03-08 14:06 - 00001093 _____ () C:\Users\s\Desktop\Continue Download &amp; Install Installation.lnk
2014-03-08 01:53 - 2013-10-28 20:21 - 00000000 ____D () C:\Users\s\AppData\Roaming\Skype
2014-03-05 16:11 - 2014-02-03 15:26 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-03-05 16:11 - 2013-07-01 19:35 - 00000000 ____D () C:\Program Files\KMSpico
2014-03-05 15:31 - 2014-03-04 16:23 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-03-05 07:25 - 2014-03-04 16:32 - 00000000 ____D () C:\Users\s\Desktop\KMSpc_9.2.3_Final
2014-03-04 17:00 - 2014-03-04 17:00 - 13424092 _____ () C:\Users\s\Desktop\Jatinder(1).zip
2014-03-04 17:00 - 2014-03-04 17:00 - 00000000 ____D () C:\Users\s\Desktop\Jatinder(1)
2014-03-04 16:32 - 2014-03-04 16:16 - 00003696 _____ () C:\Windows\System32\Tasks\AutoPico Daily Restart
2014-03-04 16:31 - 2014-03-04 16:31 - 02893912 _____ () C:\Users\s\Desktop\KMSpc_9.2.3_Final.rar
2014-03-04 16:31 - 2014-03-04 16:23 - 00000000 ____D () C:\ProgramData\88dcea01fba222c7
2014-03-04 16:31 - 2014-03-04 16:22 - 00000000 ____D () C:\ProgramData\InstallMate
2014-03-04 16:27 - 2014-03-04 16:27 - 04383232 _____ () C:\Program Files (x86)\WS_x64.Booster
2014-03-04 16:27 - 2014-03-04 16:27 - 00175952 _____ () C:\Program Files (x86)\WSSvc.dll
2014-03-04 16:27 - 2014-03-04 16:25 - 00000000 ____D () C:\ProgramData\Right Soft
2014-03-04 16:26 - 2014-03-04 16:23 - 00000000 ____D () C:\ProgramData\weBsavE
2014-03-04 16:26 - 2014-03-04 16:23 - 00000000 ____D () C:\Program Files (x86)\weBsavE
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\ZendUser\AppData\Local\Torch
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\ZendUser\AppData\Local\Google
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\ZendUser\AppData\Local\Comodo
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\s\AppData\Local\Torch
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\s\AppData\Local\Packages
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\s\AppData\Local\Comodo
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\Guest
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Users\Administrator
2014-03-04 16:23 - 2014-03-04 16:23 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
2014-03-04 16:23 - 2013-05-31 14:56 - 00000000 ____D () C:\Users\s\AppData\Local\Google
2014-03-04 16:22 - 2014-03-04 16:22 - 00340152 _____ (Right Soft) C:\Users\s\Downloads\KMSpc_9.2.3_Final.rar (3).exe
2014-03-04 16:22 - 2014-03-04 16:21 - 00340160 _____ (Right Soft) C:\Users\s\Downloads\KMSpc_9.2.3_Final.rar (2).exe
2014-03-04 16:21 - 2014-03-04 16:21 - 00340176 _____ (Right Soft) C:\Users\s\Downloads\KMSpc_9.2.3_Final.rar.exe
2014-03-04 16:21 - 2014-03-04 16:21 - 00340160 _____ (Right Soft) C:\Users\s\Downloads\KMSpc_9.2.3_Final.rar (1).exe
2014-02-27 13:50 - 2014-01-14 14:50 - 00000182 _____ () C:\Users\s\AppData\Roaming\WB.CFG
2014-02-25 21:04 - 2014-01-29 16:38 - 00000000 ____D () C:\Users\s\Desktop\fyp pdf

Some content of TEMP:
====================
C:\Users\s\AppData\Local\Temp\nsi324A.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 12:12

==================== End Of Log ============================



#4 jjssj1

jjssj1
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 20 March 2014 - 10:04 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by s at 2014-03-20 15:00:11
Running from E:\Downloads(1tb)
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30544 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.03 - ASUSTeK Computer Inc.)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix)
CPUID CPU-Z 1.64.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
DVDFab 9.1.2.2 (08/01/2014) Non-Decryption (HKLM-x32\...\DVDFab 9 NonDecALL_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.1.3.3 (12/03/2014) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Editra 0.7.20 (HKLM-x32\...\Editra) (Version: 0.7.20 - Cody Precord)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.4 - Electronic Arts)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GoToMeeting 5.9.0.1207 (HKCU\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 21 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
KMSnano 24 (HKLM\...\KMSnano 24_is1) (Version: KMSnano 24 - )
KMSpico 5.1 (HKLM\...\KMSpico v5.1_is1) (Version: 5.1 - )
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MySQL Server 5.1 (HKLM-x32\...\{C54C7C1F-4015-4217-8F16-8CF993C59793}) (Version: 5.1.50 - Oracle Corporation)
NetBeans IDE 7.3 (HKLM-x32\...\nbi-nb-base-7.3.0.0.201302132200) (Version: 7.3 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4639 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
TP-LINK Wireless Client Utility (HKLM-x32\...\{385C8E5A-0B4F-4DCD-BBBD-2A8AE0400A76}) (Version: 7.0 - TP-LINK)
Update for Video Converter (HKCU\...\Digital Sites) (Version:  - Update for Video Converter) <==== ATTENTION
Video Converter (HKCU\...\Video Converter) (Version:  - )
Video Converter Packages (HKCU\...\Video Converter Packages) (Version:  - ) <==== ATTENTION
WS.Booster (HKLM-x32\...\S-1839310039) (Version: 2.2.0.1233 - PremiumSoft)
XChat 2 (remove only) (HKLM-x32\...\xchat) (Version:  - )
YoutubeAdblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 4.0.0.1634 - YoutubeAdblocker) <==== ATTENTION
Zend Server (HKLM-x32\...\InstallShield_{22DD821E-0024-4EC1-BDB8-22217E8C7634}) (Version: 5.6.0 - Zend Technologies)
Zend Server (x32 Version: 5.6.0 - Zend Technologies) Hidden

==================== Restore Points  =========================

03-03-2014 10:45:04 Scheduled Checkpoint
10-03-2014 12:19:13 Scheduled Checkpoint
12-03-2014 20:10:37 Removed Bonjour
17-03-2014 08:40:59 Revo Uninstaller Pro's restore point - webssave
17-03-2014 08:41:34 Revo Uninstaller Pro's restore point - WS.Booster
17-03-2014 08:41:48 Revo Uninstaller Pro's restore point - WS.Sustainer 1.80
17-03-2014 08:44:11 Revo Uninstaller Pro's restore point - Search Protect
17-03-2014 08:44:45 Revo Uninstaller Pro's restore point - Search Protect

==================== Hosts content: ==========================

2009-07-14 02:34 - 2013-06-26 16:44 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com

==================== Scheduled Tasks (whitelisted) =============

Task: {0C806B43-2622-472F-947C-C0DCDC607319} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {1A7C7D93-E4FE-456E-B2AD-123525A1DE17} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {60E87073-198D-41DD-8080-0A6232950A26} - System32\Tasks\CCleanerSkipUAC => E:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {62070CD7-D8B1-4341-8804-B65C20C1AA03} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {623E76C6-8049-4568-B30D-4D5565B888A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-31] (Google Inc.)
Task: {64022BBC-27B9-4891-BF8A-AFE0C922EC4B} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {6F5FCD25-02DD-4217-A1F4-F657B6B44D80} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {7DEB70C1-9FCF-4EB0-9F59-B6A310F42F9E} - System32\Tasks\Digital Sites => C:\Users\s\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A61AB43C-7296-4756-BC1B-2C6A81DAE444} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File
Task: {B08C8D2C-DDCF-4B58-8315-BAB315C7E67F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-31] (Google Inc.)
Task: {C2A6831F-FF5C-4364-B306-06B45C81E7DE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E3487025-07FD-42E8-B9CC-2EA285422EE7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File
Task: {F4D26E30-EDAF-45D9-9F63-CA82613974ED} - System32\Tasks\Microsoft Office 15 Sync Maintenance for s-PC-s s-PC => E:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\s\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-01 19:34 - 2013-11-01 19:34 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-04 16:27 - 2014-03-04 16:27 - 04383232 _____ () C:\Program Files (x86)\WS_x64.Booster
2012-10-01 19:36 - 2012-10-01 19:36 - 06522480 _____ () E:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-05-24 05:02 - 2010-06-21 14:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
2014-02-15 19:12 - 2014-02-15 19:12 - 03578992 _____ () E:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-12 17:35 - 2014-03-12 17:35 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Zend Controller.lnk => C:\Windows\pss\Zend Controller.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^s^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "E:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: iLivid => "C:\Users\s\AppData\Local\iLivid\iLivid.exe" -autorun
MSCONFIG\startupreg: uTorrent => "C:\Users\s\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Marvell Console ATA Device
Description: Marvell Console ATA Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: McAfee Inc. mfeapfk
Description: McAfee Inc. mfeapfk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfeapfk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2014 02:55:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 02:53:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: AI Suite II.exe, version: 1.0.0.40, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xf10
Faulting application start time: 0xAI Suite II.exe0
Faulting application path: AI Suite II.exe1
Faulting module path: AI Suite II.exe2
Report Id: AI Suite II.exe3

Error: (03/20/2014 02:53:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: EPUHelp.exe, version: 1.0.0.22, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xf48
Faulting application start time: 0xEPUHelp.exe0
Faulting application path: EPUHelp.exe1
Faulting module path: EPUHelp.exe2
Report Id: EPUHelp.exe3

Error: (03/20/2014 02:53:24 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/20/2014 09:54:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 09:52:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: AI Suite II.exe, version: 1.0.0.40, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0x1034
Faulting application start time: 0xAI Suite II.exe0
Faulting application path: AI Suite II.exe1
Faulting module path: AI Suite II.exe2
Report Id: AI Suite II.exe3

Error: (03/20/2014 09:52:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: EPUHelp.exe, version: 1.0.0.22, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xdd4
Faulting application start time: 0xEPUHelp.exe0
Faulting application path: EPUHelp.exe1
Faulting module path: EPUHelp.exe2
Report Id: EPUHelp.exe3

Error: (03/20/2014 09:52:22 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/19/2014 09:57:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: mcuicnt.exe, version: 5.9.2.0, time stamp: 0x52309272
Faulting module name: mcmscui.dll, version: 12.8.934.0, time stamp: 0x52e74716
Exception code: 0xc0000005
Fault offset: 0x00000000000346bb
Faulting process id: 0xdec
Faulting application start time: 0xmcuicnt.exe0
Faulting application path: mcuicnt.exe1
Faulting module path: mcuicnt.exe2
Report Id: mcuicnt.exe3

Error: (03/19/2014 09:45:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/20/2014 02:59:56 PM) (Source: DCOM) (User: )
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (03/20/2014 02:58:56 PM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (03/20/2014 02:58:24 PM) (Source: DCOM) (User: )
Description: C:\Program Files\Common~1\McAfee\Platform\PlatformServiceFW.dll -Embedding193{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (03/20/2014 02:57:55 PM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (03/20/2014 02:53:16 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Inc. mfeapfk service failed to start due to the following error:
%%1243

Error: (03/20/2014 09:57:54 AM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (03/20/2014 09:57:26 AM) (Source: DCOM) (User: )
Description: C:\Program Files\Common~1\McAfee\Platform\PlatformServiceFW.dll -Embedding193{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (03/20/2014 09:56:54 AM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (03/20/2014 09:52:17 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Inc. mfeapfk service failed to start due to the following error:
%%1243

Error: (03/19/2014 09:50:02 AM) (Source: DCOM) (User: )
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}


Microsoft Office Sessions:
=========================
Error: (03/20/2014 02:55:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 02:53:38 PM) (Source: Application Error)(User: )
Description: AI Suite II.exe1.0.0.4000000000KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41ff1001cf444c2bda18b5C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exeC:\Windows\syswow64\KERNELBASE.dll6afc5ba0-b03f-11e3-b70f-abad0bdc0986

Error: (03/20/2014 02:53:34 PM) (Source: Application Error)(User: )
Description: EPUHelp.exe1.0.0.2200000000KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41ff4801cf444c2a1cf762C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exeC:\Windows\syswow64\KERNELBASE.dll68643bb4-b03f-11e3-b70f-abad0bdc0986

Error: (03/20/2014 02:53:24 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (03/20/2014 09:54:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 09:52:37 AM) (Source: Application Error)(User: )
Description: AI Suite II.exe1.0.0.4000000000KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41f103401cf44221e63d80eC:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exeC:\Windows\syswow64\KERNELBASE.dll5db0f3be-b015-11e3-8499-f2aa867a41b0

Error: (03/20/2014 09:52:32 AM) (Source: Application Error)(User: )
Description: EPUHelp.exe1.0.0.2200000000KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41fdd401cf44221c477fb0C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exeC:\Windows\syswow64\KERNELBASE.dll5a9d0c44-b015-11e3-8499-f2aa867a41b0

Error: (03/20/2014 09:52:22 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (03/19/2014 09:57:55 AM) (Source: Application Error)(User: )
Description: mcuicnt.exe5.9.2.052309272mcmscui.dll12.8.934.052e74716c000000500000000000346bbdec01cf4357afc95abfC:\Program Files\Common Files\McAfee\Platform\mcuicnt.exec:\PROGRA~1\mcafee\msc\mcmscui.dllf0c5226d-af4c-11e3-9007-ae2a87362b83

Error: (03/19/2014 09:45:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 16334.43 MB
Available physical RAM: 14067.41 MB
Total Pagefile: 32667.04 MB
Available Pagefile: 30145.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Os Windows 7) (Fixed) (Total:232.79 GB) (Free:166.12 GB) NTFS
Drive e: ((1TB) Program Files ) (Fixed) (Total:931.51 GB) (Free:871.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 9B454847)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C2C23FCE)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 30 GB) (Disk ID: 7EB6A25B)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================



#5 jjssj1

jjssj1
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 20 March 2014 - 10:14 AM

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-20 15:11:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 Samsung_SSD_840_Series rev.DXT07B0Q 232.89GB
Running: ruc89dhh.exe; Driver: C:\Users\s\AppData\Local\Temp\fgddypod.sys


---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Ide\IdeDeviceP11T0L0-b                                                                              fffffa800ca222c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                               fffffa800ca222c0
Device  \Driver\atapi \Device\Ide\IdePort8                                                                                        fffffa800ca222c0
Device  \Driver\atapi \Device\Ide\IdePort4                                                                                        fffffa800ca222c0
Device  \Driver\atapi \Device\Ide\IdePort0                                                                                        fffffa800ca222c0
Device  \Driver\atapi \Device\Ide\IdePort10                                                                                       fffffa800ca222c0
Device  \Driver\atapi \Device\Ide\IdePort11                                                                                       fffffa800ca222c0
Device  \Driver\atapi \Device\Ide\IdePort9                                                                                        fffffa800ca222c0
Device  \Driver\atapi \Device\Ide\IdePort5                                                                                        fffffa800ca222c0
Device  \Driver\atapi \Device\Ide\IdePort1                                                                                        fffffa800ca222c0
Device  \Driver\atapi \Device\Ide\IdePort6                                                                                        fffffa800ca222c0
Device  \Driver\atapi \Device\Ide\IdePort2                                                                                        fffffa800ca222c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2                                                                               fffffa800ca222c0
Device  \Driver\atapi \Device\Ide\IdePort7                                                                                        fffffa800ca222c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP10T0L0-a                                                                              fffffa800ca222c0
Device  \Driver\atapi \Device\Ide\IdePort3                                                                                        fffffa800ca222c0
Device  \Driver\akbfvwyo \Device\Scsi\akbfvwyo1PortcPath0Target0Lun0                                                              fffffa800d8802c0
Device  \Driver\akbfvwyo \Device\Scsi\akbfvwyo1                                                                                   fffffa800d8802c0
Device  \FileSystem\Ntfs \Ntfs                                                                                                    fffffa800cbd62c0
Device  \Driver\atapi \Device\ScsiPort7                                                                                           fffffa800ca222c0
Device  \Driver\atapi \Device\ScsiPort8                                                                                           fffffa800ca222c0
Device  \Driver\atapi \Device\ScsiPort9                                                                                           fffffa800ca222c0
Device  \Driver\usbehci \Device\USBPDO-1                                                                                          fffffa800d8092c0
Device  \Driver\cdrom \Device\CdRom0                                                                                              fffffa800d6262c0
Device  \Driver\cdrom \Device\CdRom1                                                                                              fffffa800d6262c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{BE570B97-3151-45E9-A8ED-8E90F6F58B48}                                                  fffffa800d6862c0
Device  \Driver\usbehci \Device\USBFDO-0                                                                                          fffffa800d8092c0
Device  \Driver\atapi \Device\ScsiPort10                                                                                          fffffa800ca222c0
Device  \Driver\atapi \Device\ScsiPort11                                                                                          fffffa800ca222c0
Device  \Driver\akbfvwyo \Device\ScsiPort12                                                                                       fffffa800d8802c0
Device  \Driver\usbehci \Device\USBFDO-1                                                                                          fffffa800d8092c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                                                                   fffffa800d6862c0
Device  \Driver\atapi \Device\ScsiPort0                                                                                           fffffa800ca222c0
Device  \Driver\usbehci \Device\USBPDO-0                                                                                          fffffa800d8092c0
Device  \Driver\atapi \Device\ScsiPort1                                                                                           fffffa800ca222c0
Device  \Driver\atapi \Device\ScsiPort2                                                                                           fffffa800ca222c0
Device  \Driver\atapi \Device\ScsiPort3                                                                                           fffffa800ca222c0
Device  \Driver\atapi \Device\ScsiPort4                                                                                           fffffa800ca222c0
Device  \Driver\atapi \Device\ScsiPort5                                                                                           fffffa800ca222c0
Device  \Driver\atapi \Device\ScsiPort6                                                                                           fffffa800ca222c0

---- Trace I/O - GMER 2.1 ----

Trace   ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800ca222c0]<< sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys   fffffa800ca222c0
Trace   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d3bc790]                                                           fffffa800d3bc790
Trace   3 CLASSPNP.SYS[fffff880013b243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800d169060]                 fffffa800d169060
Trace   \Driver\atapi[0xfffffa800d096060] -> IRP_MJ_CREATE -> 0xfffffa800ca222c0                                                  fffffa800ca222c0

---- Modules - GMER 2.1 ----

Module  \SystemRoot\System32\Drivers\akbfvwyo.SYS                                                                                 fffff8800433c000-fffff8800438d000 (331776 bytes)

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                       E:\Program Files (x86)\DAEMON Tools Pro\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                       0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                       0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                    0x40 0xE1 0x02 0x59 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                 
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                              0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                           0x5C 0x62 0x20 0x5B ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                      0xB8 0xFE 0x2B 0xA1 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                           E:\Program Files (x86)\DAEMON Tools Pro\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                           0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                           0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                        0x40 0xE1 0x02 0x59 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)             
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                  0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                               0x5C 0x62 0x20 0x5B ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)        
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                          0xB8 0xFE 0x2B 0xA1 ...

---- EOF - GMER 2.1 ----
 



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:47 AM

Posted 20 March 2014 - 10:31 AM

Please download this tool and save it to your desktop: http://go.microsoft.com/fwlink/?linkid=52012

Run the file by double click and press the "Continue" button.

When the tool is finished, click the "Copy" button in the lower right corner.

Reply to your topic here, right click into the reply box and select paste.

Post up.

 

 

 

 

Scan with CKScanner

Download CKScanner by askey127 from Here & save it to your Desktop.

  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 jjssj1

jjssj1
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 21 March 2014 - 06:38 AM

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-TMVMJ-BBMRX-3MBMV
Windows Product Key Hash: 55n8g6xdzhe4AOWhmTzdzQoLfa4=
Windows Product ID: 00426-292-0000007-85540
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {810E9180-96BD-4687-BD69-57FF7752C675}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_ldr.130828-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: N/A, hr=0x80070002
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{810E9180-96BD-4687-BD69-57FF7752C675}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3MBMV</PKey><PID>00426-292-0000007-85540</PID><PIDType>5</PIDType><SID>S-1-5-21-1095933591-1447621111-927615864</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0408</Version><SMBIOSVersion major="2" minor="7"/><Date>20120605000000.000000+000</Date></BIOS><HWID>76893D07018400FE</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 5:29:2013 13:25
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x80070005
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OgAAAAIABgABAAEAAQACAAAAAQABAAEAHKLcBJudlLUs12THClN0xFZGEsLQeqp7DZ2Km+SuyqCWYw==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC            ALASKA        A M I
  FACP            ALASKA        A M I
  HPET            ALASKA        A M I
  MCFG            ALASKA        A M I
  FPDT            ALASKA        A M I
  SSDT            SataRe        SataTabl
  SSDT            SataRe        SataTabl
  SSDT            SataRe        SataTabl
  BGRT            ALASKA        A M I

 



#8 jjssj1

jjssj1
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 21 March 2014 - 06:43 AM

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\kmspico\check_activation_all.cmd
c:\program files\kmspico\devcomponents.dotnetbar2.dll
c:\program files\kmspico\install_service.cmd
c:\program files\kmspico\ipaddresscontrollib.dll
c:\program files\kmspico\kmspico.log
c:\program files\kmspico\log.cmd
c:\program files\kmspico\triggerkms.exe
c:\program files\kmspico\unins000.dat
c:\program files\kmspico\unins000.exe
c:\program files\kmspico\unins001.dat
c:\program files\kmspico\unins001.exe
c:\program files\kmspico\uninshs.exe
c:\program files\kmspico\uninstall_service.cmd
c:\program files\kmspico\cert\installall.cmd
c:\program files\kmspico\cert\kmscert2010\access\accessvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\access\accessvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\access\accessvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excelvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\excel\excelvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\excel\excelvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groovevlreg32.reg
c:\program files\kmspico\cert\kmscert2010\groove\groovevlreg64.reg
c:\program files\kmspico\cert\kmscert2010\groove\groovevlregwow.reg
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopathvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\infopath\infopathvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\infopath\infopathvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenotevlreg32.reg
c:\program files\kmspico\cert\kmscert2010\onenote\onenotevlreg64.reg
c:\program files\kmspico\cert\kmscert2010\onenote\onenotevlregwow.reg
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlookvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\outlook\outlookvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\outlook\outlookvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpointvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpointvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpointvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectprovlreg32.reg
c:\program files\kmspico\cert\kmscert2010\projectpro\projectprovlreg64.reg
c:\program files\kmspico\cert\kmscert2010\projectpro\projectprovlregwow.reg
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstdvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstdvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstdvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak2.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak2.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak2.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak2.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplusacad_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplusacad_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplusacad_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplusacad_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplusvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\proplus\proplusvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\proplus\proplusvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publishervlreg32.reg
c:\program files\kmspico\cert\kmscert2010\publisher\publishervlreg64.reg
c:\program files\kmspico\cert\kmscert2010\publisher\publishervlregwow.reg
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasicsvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasicsvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasicsvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standardacad_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standardacad_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standardacad_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standardacad_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standardvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\standard\standardvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\standard\standardvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiovlreg32.reg
c:\program files\kmspico\cert\kmscert2010\visio\visiovlreg64.reg
c:\program files\kmspico\cert\kmscert2010\visio\visiovlregwow.reg
c:\program files\kmspico\cert\kmscert2010\word\wordvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\word\wordvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\word\wordvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._4374022d_56b8_48c1_9bb7_d8f2fc726343.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._4374022d_56b8_48c1_9bb7_d8f2fc726343.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._4374022d_56b8_48c1_9bb7_d8f2fc726343.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._4374022d_56b8_48c1_9bb7_d8f2fc726343.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._6ee7622c_18d8_4005_9fb7_92db644a279b.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._6ee7622c_18d8_4005_9fb7_92db644a279b.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._6ee7622c_18d8_4005_9fb7_92db644a279b.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._ac1ae7fd_b949_4e04_a330_849bc40638cf.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._ac1ae7fd_b949_4e04_a330_849bc40638cf.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._ac1ae7fd_b949_4e04_a330_849bc40638cf.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._ac1ae7fd_b949_4e04_a330_849bc40638cf.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._9e016989_4007_42a6_8051_64eb97110cf2.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._9e016989_4007_42a6_8051_64eb97110cf2.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._9e016989_4007_42a6_8051_64eb97110cf2.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._9e016989_4007_42a6_8051_64eb97110cf2.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._e1264e10_afaf_4439_a98b_256df8bb156f.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._e1264e10_afaf_4439_a98b_256df8bb156f.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._e1264e10_afaf_4439_a98b_256df8bb156f.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._e1264e10_afaf_4439_a98b_256df8bb156f.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._b067e965_7521_455b_b9f7_c740204578a2.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._b067e965_7521_455b_b9f7_c740204578a2.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._b067e965_7521_455b_b9f7_c740204578a2.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._b067e965_7521_455b_b9f7_c740204578a2.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._8d577c50_ae5e_47fd_a240_24986f73d503.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._8d577c50_ae5e_47fd_a240_24986f73d503.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._8d577c50_ae5e_47fd_a240_24986f73d503.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._8d577c50_ae5e_47fd_a240_24986f73d503.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\project\project.reg
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._2b9e4a37_6230_4b42_bee2_e25ce86c8c7a.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._2b9e4a37_6230_4b42_bee2_e25ce86c8c7a.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._2b9e4a37_6230_4b42_bee2_e25ce86c8c7a.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._2b9e4a37_6230_4b42_bee2_e25ce86c8c7a.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\proplus.reg
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._38ea49f6_ad1d_43f1_9888_99a35d7c9409.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._38ea49f6_ad1d_43f1_9888_99a35d7c9409.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._38ea49f6_ad1d_43f1_9888_99a35d7c9409.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._38ea49f6_ad1d_43f1_9888_99a35d7c9409.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._a24cca51_3d54_4c41_8a76_4031f5338cb2.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._a24cca51_3d54_4c41_8a76_4031f5338cb2.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._a24cca51_3d54_4c41_8a76_4031f5338cb2.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._a24cca51_3d54_4c41_8a76_4031f5338cb2.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visio\visio.reg
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\visio.reg
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._44a1f6ff_0876_4edb_9169_dbb43101ee89.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._44a1f6ff_0876_4edb_9169_dbb43101ee89.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._44a1f6ff_0876_4edb_9169_dbb43101ee89.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._44a1f6ff_0876_4edb_9169_dbb43101ee89.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._9cedef15_be37_4ff0_a08a_13a045540641.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._9cedef15_be37_4ff0_a08a_13a045540641.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._9cedef15_be37_4ff0_a08a_13a045540641.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._9cedef15_be37_4ff0_a08a_13a045540641.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.ppdlic.xrm-ms
c:\program files\kmspico\cert\office2010vl\office14reginfo.reg
c:\program files\kmspico\cert\office2010vl\tokens.dat
c:\program files\kmspico\driver\openvpn.cer
c:\program files\kmspico\driver\tap-windows-9.9.2_3.exe
c:\program files\kmspico\driver\uninstalldriver.cmd
c:\program files\kmspico\icons\error.png
c:\program files\kmspico\icons\information.png
c:\program files\kmspico\icons\question.png
c:\program files\kmspico\icons\warning.png
c:\program files\kmspico\logs\autopico.log
c:\program files\kmspico\logs\kmseldi.log
c:\program files\kmspico\logs\service_kms.log
c:\program files\kmspico\scripts\enablesmartscreen.cmd
c:\program files\kmspico\scripts\enablesmartscreen.reg
c:\program files\kmspico\scripts\install_service.cmd
c:\program files\kmspico\scripts\install_task.cmd
c:\program files\kmspico\scripts\log.cmd
c:\program files\kmspico\scripts\silent.cmd
c:\program files\kmspico\scripts\uninstall_service.cmd
c:\program files\kmspico\sounds\affirmative.mp3
c:\program files\kmspico\sounds\begin.mp3
c:\program files\kmspico\sounds\complete.mp3
c:\program files\kmspico\sounds\diagnostic.mp3
c:\program files\kmspico\sounds\enterauthorizationcode.mp3
c:\program files\kmspico\sounds\incomingtransmission.mp3
c:\program files\kmspico\sounds\inputfailed.mp3
c:\program files\kmspico\sounds\inputok.mp3
c:\program files\kmspico\sounds\processing.mp3
c:\program files\kmspico\sounds\transfer.mp3
c:\program files\kmspico\sounds\verified.mp3
c:\program files\kmspico\sounds\warning.mp3
c:\program files\kmspico\tokensbackup\keys.txt
c:\program files\kmspico\tokensbackup\tokens.dat
c:\program files\kmspico\tokensbackup\cache\cache.dat
c:\program files\kmspico\tokensbackup\office\pkeyconfig-office.xrm-ms
c:\program files\kmspico\tokensbackup\office\tokens.dat
c:\program files\kmspico\tokensbackup\office\cache\cache.dat
c:\program files\kmspico\tokensbackup\windows\pkeyconfig.xrm-ms
c:\program files\kmspico\tokensbackup\windows\tokens.dat
c:\program files\kmspico\tokensbackup\windows\cache\cache.dat
c:\users\s\desktop\readme kmspico.txt
c:\users\s\desktop\kmspc_9.2.3_final\readme kmspico install.txt
c:\users\s\desktop\kmspico install\readme kmspico install.txt
c:\users\s\desktop\kmspico oem\readme kmspico oem.txt
c:\users\s\desktop\kmspico oem\$oem$\$$\setup\scripts\clean.cmd
c:\users\s\desktop\kmspico oem\$oem$\$$\setup\scripts\runonce.reg
c:\users\s\desktop\kmspico oem\$oem$\$$\setup\scripts\setupcomplete.cmd
c:\users\s\desktop\kmspico only service\check_activation_all.cmd
c:\users\s\desktop\kmspico only service\install_service.cmd
c:\users\s\desktop\kmspico only service\readme kmspico service.txt
c:\users\s\desktop\kmspico only service\triggerkms.exe
c:\users\s\desktop\kmspico only service\uninstall_service.cmd
c:\users\s\downloads\kmspc_9.2.3_final.rar (1).exe
c:\users\s\downloads\kmspc_9.2.3_final.rar (2).exe
c:\users\s\downloads\kmspc_9.2.3_final.rar (3).exe
c:\users\s\downloads\kmspc_9.2.3_final.rar.exe
c:\users\s\downloads\microsoft office 2013 professional plus (32-bit) (x86) activator kmsnano24\microsoft office 2013 activator kmsnano24 by dhruvloves007 kat\kmsnano_setup.exe
c:\windows\system32\slmgr.vbs.removewat
c:\windows\syswow64\slmgr.vbs.removewat
scanner sequence 3.ZZ.11.UXNAT0
 ----- EOF -----
 



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:47 AM

Posted 21 March 2014 - 08:03 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:47 AM

Posted 27 March 2014 - 04:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users