Recurring Trojan, possibly ZPACK or XPACK?


24 replies to this topic

#1 Kothliim

Posted 29 September 2014 - 05:44 PM

I'll try to be as thorough as possible here regarding any information I have collected regarding this infection. First of all, it keeps coming back. I've cured the "symptoms" of the infection several times, but there's obviously some deeper cause. It may even be more than one infection, I'm not entirely sure. Symptoms include:
 
- Avira alerts/detections for various trojans (ZPACK, XPACK, ATRAPS, etc) in one of the following: appdata\local\temp or some other appdata\local\(folder), appdata\roaming\(random), or ProgramData\Microsoft\Crypto\
- Entries are added to the startup (I check with msconfig) that point to one of the folders above, either .exe or .dll
- Processes appear in task manager, (random).exe, sometimes with the process description "Booking", sometimes multiple instances and if killed just restart
- An "updateflashplayer_(random).exe" UAC box that keeps popping up infinitely no matter how many times I click no
 
As you can see from the log below, the most recent iterations are:
C:\Users\Yaseen\AppData\Local\Ufmmedia
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmpA56D.exe
C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll
 
I've fixed the above problems (at least temporarily) several times, infected files quarantined or deleted, startup entries deleted, etc. Avira is the running antivirus on this PC, I've also used MBAM. I've reset the Windows Firewall to default settings to close any unknown exceptions.
 
Also, I ran ComboFix (I know, I should have come here first lol). That was last night, however, before running DDS today and making this post, and this morning the symptoms were back. I will paste the log just for informative purposes in the next post.
 
FYI, this is not my computer, it's my brother's, so I'm not 100% sure what may have been done before I got involved. If you have any questions, please let me know, and thanks in advance :)
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.67.2
Run by Yaseen at 14:58:54 on 2014-09-29
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6142.4055 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\D-Link\DWA-556 revA\wirelesscm.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Yaseen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yaseen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yaseen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yaseen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yaseen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yaseen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yaseen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mDefault_Page_URL = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [YmPack] C:\Windows\SysWOW64\regsvr32.exe C:\Users\Yaseen\AppData\Local\Ufmmedia\Usptext80.dll
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
dRun: [AVworks] regsvr32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\D-Link\DWA-556 revA\wirelesscm.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A8F58C4D-9AEE-4C7D-B731-459900581D5F} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2014-6-1 14456]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-6-29 28600]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2013-6-26 26624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-29 238080]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-6-29 430160]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-6-29 430160]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-6-29 117712]
R2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-8-27 160048]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-9-28 21992]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-13 96896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2012-11-16 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2012-11-16 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2012-11-16 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2012-11-16 34304]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2012-11-16 29184]
S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2012-11-16 36352]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;C:\Windows\System32\drivers\lgandnetndis64.sys [2012-11-16 93184]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-2-4 266240]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-17 111616]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\D-Link\DWA-556 revA\jswpsapi.exe [2013-6-26 954368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-26 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-26 57856]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-09-29 20:22:37 -------- d-----w- C:\Users\Yaseen\AppData\Local\Ufmmedia
2014-09-29 20:22:26 110592 ------w- C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmpA56D.exe
2014-09-29 10:02:52 2162688 ----a-w- C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll
2014-09-29 09:53:48 -------- d-sh--w- C:\$RECYCLE.BIN
2014-09-29 09:31:51 98816 ----a-w- C:\Windows\sed.exe
2014-09-29 09:31:51 256000 ----a-w- C:\Windows\PEV.exe
2014-09-29 09:31:51 208896 ----a-w- C:\Windows\MBR.exe
2014-09-28 18:07:17 -------- d-----w- C:\Users\Yaseen\AppData\Local\CrashDumps
2014-09-17 20:39:23 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-17 20:39:23 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-17 20:28:12 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-09-17 20:28:11 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-09-17 20:28:11 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-09-17 20:28:11 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-09-17 20:28:10 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-09-17 20:28:10 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-09-17 20:27:45 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-09-17 20:27:45 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-09-17 20:23:55 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-09-17 20:22:55 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-17 20:22:55 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-17 20:22:55 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-17 20:22:55 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-17 20:22:55 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-17 20:22:14 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-09-17 20:22:14 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-17 20:22:13 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-09-17 20:22:13 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-09-17 20:22:12 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-09-17 20:22:12 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-09-17 20:22:12 112064 ----a-w- C:\Windows\System32\consent.exe
2014-09-17 20:18:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-09-17 20:18:00 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-09-17 20:18:00 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-09-17 20:17:56 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-09-17 20:17:34 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-17 20:17:33 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-17 20:17:31 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-09-17 20:17:31 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-09-12 09:43:10 227728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-09-10 18:04:01 -------- d-----w- C:\Program Files\iPod
2014-09-10 18:04:00 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 18:04:00 -------- d-----w- C:\Program Files\iTunes
2014-09-10 18:04:00 -------- d-----w- C:\Program Files (x86)\iTunes
2014-09-08 09:26:20 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-08 09:26:11 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-08 09:26:11 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-08 09:26:11 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-08 09:26:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-08 09:11:48 -------- d-----w- C:\TDSSKiller_Quarantine
2014-09-08 08:32:49 -------- d-----w- C:\Users\Yaseen\AppData\Roaming\DriverCure
2014-09-08 08:32:34 -------- d-----w- C:\ProgramData\SparkTrust
2014-09-07 20:13:48 -------- d-----w- C:\Users\Yaseen\AppData\Local\Adobe
2014-09-07 20:06:04 -------- d-----w- C:\ProgramData\NortonInstaller
2014-09-07 20:04:24 -------- d-----w- C:\ProgramData\Norton
2014-09-03 15:48:03 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-31 09:11:47 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2014-09-08 05:07:51 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-09-08 05:07:51 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-09-08 05:07:51 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-09-08 05:07:51 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-08-30 08:40:46 33512 ----a-w- C:\Windows\SysWow64\drivers\TrueSight.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-17 22:19:42 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-08-17 22:17:14 282512 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-29 23:05:19 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2014-07-25 09:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 06:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-24 15:10:35 42040 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-15 05:52:16 45248 ----a-w- C:\Windows\System32\drivers\iSafeKrnlBoot.sys
.
============= FINISH: 14:59:05.05 ===============


#2 Kothliim


Posted 29 September 2014 - 05:47 PM

Last night's ComboFix. NOT CURRENT!
 
 
ComboFix 14-09-29.02 - Yaseen 09/29/2014   2:33.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6142.4216 [GMT -7:00]
Running from: c:\users\Yaseen\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\2dbec67ff15f1cf1702011ef83f16245\PS3 Video.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\2df2a1b15b9512293928598c5845bf3b\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\2eae38c3e5851ce784c44d06234a5799\TouchCopy.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\2eb6f0cdaccad7b5bc3c0b8eee9ebec4\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\2eb71c6b5f17f3176172a15cda4b2af8\OBJ Import for 3D Studio MAX.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\2f30bf4220172c6de6036358d094be15\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\2f773b46df7da2cba7ab8a55bea2ce9f\iBackupBot.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\2f7e57741d279afc19c43dadcf6b643e\GoldMemory.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\2feb303ec9676494b3cbc8464b0aaa75\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\2ffa6d4f6b6430daccde6aa41bcfe603\FLAV FLV to MP3 Converter.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\307d73239079cc5d92766137b422c4c9\DisplayFusion Pro.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3119039ada649048a6f553d3332d356f\WMP xMPG Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3134d1f1262cd98970c17be98883458d\Metacafe Video Downloader.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\317a93707a629aa4ccc91527d4a75562\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\318e94665f25bd8f7023c6dc4a88329d\WMP xMPG Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\31cab3ab8def0ac303447a55630b61f1\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\326601d189060fe4af73b04833a07cd1\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\32b9a3c5670c97242d49ba8ea6eafd27\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\33c9680c37b2068c1c2150df9770e610\Driver Updater Pro.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\33ce042b390eb7f4d335b93012d05c74\Microsoft SQL Server.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\33e7bfe8b6b3e74812cfdcf6b62bdda2\Apollo Audio DVD Creator.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3415f9dd9d725712b8a48e71da63b8bf\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\34351923f39a53c6960fb0c94751bf89\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\34868bebcab633a75504c9c1295803d7\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3493439bc2a402fb19d6bd0893c423ca\YoutubeGet.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\34b4314a77e7b173dc17fe1ca13350dd\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3586ad2a5380c39305cb2bfe40b8f871\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\35a00029d6228bf63dc8e34a2452c45a\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\35c4424dab04a24f34d29ae739a77eee\TuneUp.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\373d786a9c9d3e62276f61589103ab75\Virtual Drive Creator.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\37bc03d88755c94ae1be83a684e772d9\Hotkeycontrol.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\385ddd9e2b541e599999113f2dd2f2ab\MTA Press Release 13.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\38c8ab89123653a7c60c5ce6b60b9ac5\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\38e8363ef6a8e3fd7f3fbf8dbf7382b4\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\396e9df0b851975bf6213b93fccb232a\Lite x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\39a9fc03239e3eba013d5c9cd850db42\Trapcode Particular.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3a262e399fdf049f1b8c94bf3a3f678a\LITIO - 3D  Sheet metal unfolder.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3b0b5b8919876998ab1622b88ce39ea4\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3b127f320efb9e87d55812d2a38a5247\OE-Mail Recovery.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3b3bd645e6c5a9eb7eef38a778626455\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3b9642e09e0244e6c2bf77baa365b9e6\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3b9fb403159fec1ecf0d5c2caa1e9136\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3c010bcd8d45a9c608985ce49f4159c1\Pinnacle Game Profiler.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3ce4e06b18d83d3cea15c706f36048af\AACPlayer.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3d2813e35744ce033639bd0287958d25\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3dbd5983d090ce83dd25cf11198269b4\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3e0897f4866213254bfbd3cbe589d73d\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3e0ba034994aa3792cd7d9db045dc866\MessengerLog (formerly MessengerLog 360).exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3e25671b8f4e64c33583cd542dadb042\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3e3b16c034cc6d772dae7666e69ea9da\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3e425c22d9817056e9a7d6a6ec0c31e9\SAM Broadcaster PRO.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3ef216577f4d1da26618e460a4cc0159\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3efde02b55710ed826854c1095d358f7\Hulu Downloader.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\3fc542090db888ae32dbe35564d82a87\ProtoMon.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\402e9110441bb003281bcab2b37f2903\Guitar FX BOX.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4076a382761db4bb3072450fe3717248\DVD-Lab.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4232f6809bf02d1a9e836157a032cae5\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4299a14cedc9cb9ece624077b891154a\Joint Operations Combined Arms.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\42f3f08df11089697704410799e57ddd\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4318e53302e1320fa3df84cadb6df08b\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\43d1c2223af0c2d303c451cf87ef05b9\Facebook Account Creator.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\43d583599074d462f3581b0a94f20e6c\Absolute Bosendorfer Piano VSTi.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4457aa4b2444c6e3405d9f80bf19859d\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\44627bfc0c179b69d22ae31298c0bcb4\BitTorrent.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\45c3a6f6bdb0531de792538fe38ee79b\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4690a3497571ab3ab576abf182ba83ee\Allok AVI to DVD SVCD VCD Converter.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\46a9f8f3b1e4e937520ff05b2f7d5f9c\Trend Micro Titanium Internet Security.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\475c4daed9ffe52643426272baf4b114\Kaspersky Anti-Virus Update.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\48e9a443649e8d286a67b7fcf4060f68\ArcSoft PhotoBase Deluxe.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\48f1159309580cda303b342556270c32\Traffic Calculator.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4974ba839913c179b5a00268daa0e21b\Advanced Archive Password Recovery.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\49a6308a8db59d1f7067ee61beeef6ca\Super Screen Recorder.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\49a7f87925e6e6b9eaf24517160f17e1\ESET Smart Security.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4a401155971c5096478871d7508769b4\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4a539c02f2b553240554eca7c61e29d2\ShadowProtect Desktop Edition.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4a78e9b7f1c0a5a3e0f34c1d41d7facd\PhotoScape.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4aea8b59c05330700f6ff24e816b16a1\Algolab Raster to Vector Conversion Toolkit.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4b6c6fe03d3728d337679bd5fe2e3b42\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4bc9458af6f702aec99bf3eaf71b3b9d\Advanced System Optimizer.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4be9230826fc182ba1309b8e04b12ad0\Mail Alert.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4c5229942e64eb3cf8998ded49ee470b\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4ce5b9606c466e91d65128d433738708\Kane And Lynch Dead Men.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4e5c21b5436901d8bc0d84ed7f44dc36\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4e83d793be96b282bed1f7b64d396773\Elements.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4ec7049e6da44f57b29d1b6085e83284\CleanCenter.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\4ff2fcfc0e31017d673ba28979f796cd\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5032a8787bf81fb7dd659d1abe14b9c6\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5043e6851039c05c06accc66970438ba\ReFox XII.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5151ba30864070c052b3186f51d82708\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\51572b8d64cbddc674c27f884a2d8680\3DMark Vantage.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\51c380f67caf87b0ace1b666856aa2b4\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\520175f9d578a04e1eb598c530e58736\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5207274b51018301fe8ab22745fbacf7\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5239daabe27427a1c56c28709997bf54\Satellite Antenna Alignment.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\52dff1f52018c0de54e923964e0496bf\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5316d433b648c9f6934fa426d488f6e4\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\533951796c0086629b76cf37d8f1fe26\RegCoolPro.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\538a86051465b4aca0ea9d07797e131d\Virtual PDF Printer.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\53d40b8fa0839378647d4f0545f22d28\Link Exchange Easy.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\544e372d3f3d4f5525a47dab010b794a\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\547c84c255de461241b9f50c4842426f\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\54e38428d1fc6ee813c145a5d284b72e\PQ Talking Photo.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\54f6662efe6ebc050b1b3c7196938b69\Corel Painter Essentials.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\54fe1d21057718fad29eb2d052e4b818\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5518035624d7fb9394a773ab14371720\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5522eb87020c0cdef925f213ca9b2b26\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\556c6f609258e264dfa7ba49dfa9ccda\DVMP Pro (formerly DV Media Player Pro).exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\557699f7de8d3e72672eef65cbccc14a\WebM Converter.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\55a41d0dcdb2a1a6c3b8d0331a862613\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\55c72c3ddbcf5f48a0ef378fb4dbf456\Hamachi.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5668fc0f4f31188ee5dc9f910e1f040a\PSP Video 9.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\570a1faa8a470199ba5120628a90c995\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\57b23dab50034ea1f0e0c4410caf5355\TekRadius.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\57c803cedf60616be45a3db2dddfb4e9\Windows 8 Transformation Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5887a48381ce97f15b7cc6661c65a08a\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\58bb08d1926bfd685a03feb6604d01c2\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\58f3537daa74b712d59ead842b875bad\Adobe Flash Professional.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\599a33291d9cf3c859e4e84934a42380\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\59cea58fcb6f64202f77675fa2e380f6\AML Registry Cleaner.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\59f3e7ecc7b8c518d17e2a437b41f164\Lite x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5a727afb32a9f8d131f1bfdf34c7dcde\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5b5c65e23d55727f2a357c6c7f144fe8\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5bf537b57021ada249d47c140279d370\Bandwidth Monitor Pro.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5c1f2d6512cf0687b42ce83c886f478b\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5ce1f1f1a55f77af639fd6567a8c8f27\IP2Location IP-Country-ISP Database.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5d625d6a420eb5fe32ec31a0de52a1ba\CoreAVC.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5da361fb13616642827ac61a72b89956\R-Undelete.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5e1049ba7f0fea3853048091e89198d5\Trend Micro OfficeScan.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5e32a3cf7efb520b45a242ea6c466d15\MemOptimizer.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5fc3164f7fe5e4612c4380da29babc21\1 Click And Lock.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\5fd635f8f4a90cd44366e03662e2c4d0\ASX to MP3 Converter.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\601791dbae2cda8ae139b35d3fe6eea3\Anti Netcut.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6028d4ed815e46ba664b8b3970e3a72e\Filter Wiz PRO.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\60b2a1ea3410cda55531347610f9faf3\mIRC.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\60e4d0a71bde7a6ffa127a6a5c9303d6\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\611d158e25faa443dd1267b9f9a9cd32\Audio DVD Creator.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\61985196bc2981b6ec216990eda53e5f\Video-AVI to GIF JPEG Converter.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\61e2d3427048235933c12de66151758c\VB Decompiler Lite.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\620e964b7aa942651e68bb3e37ea8444\SWF Text.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\621d7f46f67da21a7d06075abe51d3cf\Virtual CD.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\62f1e3b20ce2e7c6592b5546810677d5\MKV to DVD Converter.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\637272354c2c56688b0791a421b257e9\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\640fb8144bc44bc873c1afe250d16f8a\Skype.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6411421a8dc0929fbc39874aa777ec37\WMP xMPG Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6494dda7a6b62fbc73902ffb0bcf923e\KONTAKT 4.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\650ef764637317bfb9de5cb608bf20c8\Visual Paradigm for UML Professional Edition.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\65d014001f43b6e6459acb323f1d8a79\CyberLink PowerProducer.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\65e2b9235f761936c6701ccd990fc55f\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\675a9bc7994974146f2ddd0fa7786960\PlayClaw.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\67a60d19866c720aafb180976993a13d\Magic CD   DVD Burner Pro.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6874a1360cdd67ed5f96c70b5b8ec09e\Appnimi All-In-One Password Unlocker.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\689242281f68bbdefda19fb6d668dadb\123 Web Messenger.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\68e4a0f419e42c423cc4819d4603708e\English And Armenian Dictionary.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\693a45b28fb0b143e9d27262bdcf0cdf\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\69aa570faba5bab29579245725849dc8\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\69bc54704cd94ba918f21a9f48180c0f\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6a93f32a033d9487518584d231012d63\Flash SlideShow Maker Professional.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6b9803d6de1291b7206b978fe4aad3c3\Software Virtualization Solution.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6c636bc3c2fdc01743fed5eee294bd02\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6c6ffcd97e7ffe0abbf08230a24b1159\Advanced PDF Password Recovery Pro.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6cb650747bb61894e776f9b56a2586fd\ER Studio Enterprise XE2.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6cdfb6f516af45a687f1ef457fc64492\CoffeeCup Flash Firestarter.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6d0b27408d9e74e70ea978f31cf9acee\Stellar Phoenix Outlook PST Repair.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6e0491be55cf8c53469fb676574d2496\Merriam-Webster English Dictionary.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6e786979ce5d17804f5046868cce8069\Activity Monitor.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6e9ae295510950f04a19cd24095ce40b\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6ebeb6ee873c22bbfdeff6c634312f8b\Dupe Eliminator for iTunes.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6ee2f02c95c7249849ec81d718ee6f7a\Key Customizer.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6f3a87b515e63c33cc57e7cc300efd03\Ulead Gif Animator.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6f525ef39e2fa895eaf52d9f99fb19ad\VideoVista Standard Edition.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6f7bb282115ddf286836a3d3a0f7c1f8\Beast Within A Gabriel Knight Mystery.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6f93b4b82c515c3cebe09612233ca4e8\All Converter.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\6fe22895684ed858613883840c60f334\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\70bd1db6352718dabfce91ddc32c18bc\Aurora Video VCD   SVCD   DVD Converter And Creator.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7110f58765524b2e72f5b0923d80fc61\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7187a985f700b8ebf7943bda08cd7c9f\Macro Scheduler Automation Tool.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7241160897f7457a39a9ca43315ab6c2\Adobe InCopy.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\733de671df78c103c98f6a1e903eb2a2\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7385a16dea1c7b5a695a340bd28714f6\25 Game Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7489eca959b3054b9bc7b4df2cdeebf3\Image To PDF OCR Converter (PDF E-Book Maker).exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\748edca3ada8d95ca94841069f94d847\Altap Salamander.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\750d37fa0ab357dbfb971caed03e2e99\AVS TV Box.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\75525436bea952125d9899eb6339a283\AutoCAD Map 3D.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\761665a4765faaa4cbcf0b2e0240e3ad\Memory Improve Professional.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\76d5912e689b53cfeb259add6b1bae4b\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\76df31438d767eafaf5fa251490fb020\Power Video Converter.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\76e3a4a2a9bbf59abffba5fbe87f3ef8\AVOne 3GP Video Converter.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\771116da0624a861d700942c1e3a8a26\PL SQL Developer.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\772f6624c08f9a99cdae4af05ab696a0\LimagitoX File Mover Lite.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\775ac99fee31593774d9bcbc8cc87587\iZotope Ozone.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\775c48a7c49dc6acd82682686ceb207c\CamGuard Security System.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\775c5cb3ed1fd8286494c4760004c699\NokiaFREE Unlock Codes Calculator.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\78ddf642a7ea3efe1d1ef03af2490824\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7906490e48fe75757d2b17b7dfd4b1f1\Titan FTP Server.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\793a8cf28d465c231d8b4e0f20d79afd\SureThing CD Labeler Deluxe.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7963f72c87ae1002b3e339f110e5533c\Microsoft Office Professional Academic.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7a2d714cd72d5d9d6d0ee264c47c7026\Access MDE Compiler.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7a375ec3008b60c62998db4b1d7ce9e2\Reshade.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7a4a1ae3288d11cadb6c5cc8b0396584\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7a88dccdab71f83705d3706516fa6d41\Serial Key Generator.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7afbc171a680c1fc54073786fa3cd7b1\Sonar.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7b5470d8c9ffcf484ff3fbf33b537da9\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7b75b222967b5040a85908c2f4b0cf1a\BizTalk Server.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7c2b8027b6b4bc7604321d6a3b15a3d3\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7c4ec3a17b5992677e4bff0505a9e808\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7c7e6242cd912bf04c343636867044f1\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7c998312b0c712d7c75586fe29031154\TARGET 3001.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7e3763fb92e25a636ddc63caa651c938\Sandboxie.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7ebc00e8ff94d2798a39fa350c0f9617\VAC (Voice Activated Commands).exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\7f691c124411bcf42c47521a5cb099d3\Kaspersky Anti-Virus.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\806f39bdc5e1389410ef9033c370cd59\Memory Card Data Doctor Recovery.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\80e6ef16b417acf8e30d18807f9ee4ef\Ashampoo Music Studio.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\80fa832d458edb7b6bde1321d38d7652\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8153097807ffdbe7999641e5257b0c28\Windows 8.1 Loader By Daz.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\816fdb189028bbe405b02dbe584eef08\Windows Password Reset Professional.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\81c51d90bde3266daaf5e2521ef6bce5\Lite x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8287e7bcfbc6ebc9dedaa57d9f5bc4c3\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\82be74803be319097bd1cac7a66b26b8\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\82d30a88c2a1dbf5c0c01f9caa950613\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8343da516817d696ea396879c9e9003e\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\83d7b41866e2dba4d36fcef86f5a1bb6\PDF Compress.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\83fc227026d3952465bd858339a3dc09\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\840981dc0668ac0575bbed0efec9fb11\ArcSoft Magic-i.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\848f8bcfac38d344ec0e3f63e56d2847\Lite x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\84dd73050782775f08bb3a0e6351e88c\Easy Card Creator Express Edition.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8562cf636834da3175312d409d89ed15\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\859c5c505ba61be6cf9cf33a85cea672\Excel Password Recovery Master.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\85ec87a77c9553d66bda86cac8f57533\CwGet morse decoder.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8632c0eb9b3266e65ea6440f789bdb4e\Dont Get Angry! 3.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\86428a7f666022d95016bdbf346fcb5d\Universal Math Solver.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\870a7209e4e23e6c68e1f40103d8d92c\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8879bac1d90c5f325dce4b4e83849353\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\88d049eb577a708bbbd653ce94f29df5\FaceShop Pro.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\892d5d040e22c125d147f32a3abe36e5\TV.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\897369eed041cbd475a2f0ad74f7dbfe\Pdf995 Printer Driver.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\89b568f02d38c2a1f6dc0f2a01bb0d26\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\89d167f01250e5503e25d3e10c41f36a\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\89d93d51f278176e767ef548cb4c990a\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\89f0d31fd26173060c51e4431828daf9\Microsoft Visual Studio Ultimate.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8a085f1ccd0645951cba1b0f72453155\@RISK.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8a776e48918c9ccab3e7071353505027\TOWeb.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8ae5909cf309b355e0458fe41eec44db\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8b005f96dca7751eb243e74b0d89ff12\Pendulo Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8b08b396ecd9cdc4b9ef51640b77729d\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8b6f37db5c21f9e11df2d01358dc85ff\Panda Antivirus Pro.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8bc6a163a64a3414a417c2b9e935242c\Total Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8c35a1ff9c17e58156664c0dfc3bdbeb\ComiPo!.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8c68338a5b2fe7769590c07f8930a1ea\WINDEV.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8d145807cff429ae46d4b7928f38a4f0\WMP x264 Codec Pack.exe
c:\programdata\Microsoft\Crypto\RSA64\MachineKeys\data\8d5445dd0a4948296ee32baac96442e8\RamDisk Plus.exe
c:\programdata\Microsoft\Crypto\RSA64\rsa64.dll
c:\programdata\Microsoft\Crypto\RSA64\temp\tmp97FE.exe
c:\users\Yaseen\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Yaseen\AppData\Local\Temp\nsoD0CB.tmp\DTCommonRes.dll
c:\users\Yaseen\AppData\Local\Temp\nsoD0CB.tmp\DTLite.exe
c:\users\Yaseen\AppData\Roaming\Adobe\AcorIEHelper.dll
c:\users\Yaseen\AppData\Roaming\Vuypor
c:\users\Yaseen\AppData\Roaming\Vuypor\yzycsy.exe
c:\windows\_detmp.2
c:\windows\_detmp.4
c:\windows\_detmp.6
c:\windows\_detmp.8
c:\windows\SysWow64\tmp9405.tmp
c:\windows\SysWow64\tmp9406.tmp
c:\windows\SysWow64\tmpB9BE.tmp
c:\windows\SysWow64\tmpB9BF.tmp
c:\windows\SysWow64\tmpBC88.tmp
c:\windows\SysWow64\tmpBC89.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-28 to 2014-09-29  )))))))))))))))))))))))))))))))
.
.
2014-09-28 18:07 . 2014-09-28 18:07 -------- d-----w- c:\users\Yaseen\AppData\Local\CrashDumps
2014-09-19 20:33 . 2014-09-27 17:54 -------- d-----w- c:\users\Yaseen\AppData\Roaming\Media Player Classic
2014-09-17 20:39 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-17 20:39 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-17 20:28 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-09-17 20:28 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-09-17 20:28 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-09-17 20:28 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-09-17 20:28 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-09-17 20:28 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-09-17 20:27 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-09-17 20:27 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-09-17 20:23 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-09-17 20:22 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-17 20:22 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-17 20:22 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-17 20:22 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-17 20:22 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-17 20:22 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-09-17 20:22 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-09-17 20:22 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-09-17 20:22 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-09-17 20:22 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-09-17 20:22 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-09-17 20:22 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-09-17 20:18 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-09-17 20:18 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-09-17 20:18 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-09-17 20:17 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-09-17 20:17 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-09-17 20:17 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-17 20:17 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-17 20:17 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-09-17 20:17 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-09-12 09:43 . 2014-09-12 09:43 227728 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-09-10 18:04 . 2014-09-10 18:04 -------- d-----w- c:\program files\iPod
2014-09-10 18:04 . 2014-09-10 18:04 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 18:04 . 2014-09-10 18:04 -------- d-----w- c:\program files\iTunes
2014-09-10 18:04 . 2014-09-10 18:04 -------- d-----w- c:\program files (x86)\iTunes
2014-09-08 09:26 . 2014-09-29 09:01 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-08 09:26 . 2014-09-08 09:26 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-08 09:26 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-08 09:26 . 2014-05-12 14:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-08 09:26 . 2014-05-12 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-08 09:11 . 2014-09-08 09:11 -------- d-----w- C:\TDSSKiller_Quarantine
2014-09-08 08:32 . 2014-09-08 08:32 -------- d-----w- c:\users\Yaseen\AppData\Roaming\DriverCure
2014-09-08 08:32 . 2014-09-08 09:17 -------- d-----w- c:\programdata\SparkTrust
2014-09-07 20:13 . 2014-09-09 04:54 -------- d-----w- c:\users\Yaseen\AppData\Local\Adobe
2014-09-07 20:04 . 2014-09-07 20:12 -------- d-----w- c:\programdata\Norton
2014-09-03 15:48 . 2014-09-03 15:48 -------- d-----w- c:\programdata\Malwarebytes
2014-08-31 09:12 . 2014-08-31 09:12 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-31 09:11 . 2014-07-25 19:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-08 05:07 . 2012-10-21 22:57 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2014-09-08 05:07 . 2012-10-21 22:57 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-09-08 05:07 . 2012-10-21 22:57 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2014-09-08 05:07 . 2012-10-21 22:57 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-08-30 08:40 . 2014-08-30 08:40 33512 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys
2014-08-29 20:01 . 2011-09-28 07:12 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-08-17 22:19 . 2014-06-29 22:11 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-08-17 22:17 . 2014-06-29 22:04 282512 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-07-29 23:05 . 2014-07-24 23:53 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2014-07-25 09:35 . 2014-07-25 09:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 06:47 . 2014-07-25 06:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-24 15:10 . 2014-07-03 19:59 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-15 05:52 . 2014-06-02 02:36 45248 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-05 751184]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-30 642304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVworks"="regsvr32.exe" [2009-07-14 14848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files (x86)\D-Link\DWA-556 revA\wirelesscm.exe [2013-6-26 505152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\D-Link\DWA-556 revA\jswpsapi.exe;c:\program files (x86)\D-Link\DWA-556 revA\jswpsapi.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-16 02:04]
.
2014-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-16 02:04]
.
2014-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3230290522-729723419-1199028287-1000Core.job
- c:\users\Yaseen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 04:47]
.
2014-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3230290522-729723419-1199028287-1000UA.job
- c:\users\Yaseen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 04:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1CryptoProviderIcons]
@="{24808826-C2BF-4269-B3BA-89D1D5F431A4}"
[HKEY_CLASSES_ROOT\CLSID\{24808826-C2BF-4269-B3BA-89D1D5F431A4}]
2014-08-30 07:14 2576896 ----a-w- c:\programdata\Microsoft\Crypto\RSA64\CryptoProvider.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Ugfatouch - c:\users\Yaseen\AppData\Roaming\Vuypor\yzycsy.exe
SafeBoot-20613131.sys
SafeBoot-26943201.sys
SafeBoot-75239428.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3230290522-729723419-1199028287-1000\Software\SecuROM\License information*]
"datasecu"=hex:fc,d0,c1,4b,74,fb,53,5b,0d,e3,5e,cd,1a,e5,f7,a8,61,ec,b8,c6,b5,
   1b,aa,2e,f5,f1,01,c2,08,f2,6f,9d,ca,14,f5,8b,dd,63,d5,a5,5f,a2,24,60,c7,2b,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2014-09-29  03:02:27 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-29 10:02
.
Pre-Run: 269,687,943,168 bytes free
Post-Run: 269,547,839,488 bytes free
.
- - End Of File - - 43B408021D4E10D7E61BDCFE4608E8F3
5FB38429D5D77768867C76DCBDB35194


#3 Kothliim

Kothliim
  • Topic Starter


Posted 02 October 2014 - 12:29 PM

I don't mean to rush anyone, but I have to get this sorted out before Monday. Bump?



#4 olgun52

olgun52

  • Malware Response Team

Posted 02 October 2014 - 03:15 PM

Hello Kothliim and welcome to BleepingComputer.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please log on to the computer as an administrator. How do I log on to the computer as an administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks

---------------------------------------------------------------------------------------------------------

 

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

 


 

Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 olgun52

olgun52

  • Malware Response Team

Posted 02 October 2014 - 04:41 PM

Hi Kothliim,

 

Please do the following

 

Step 1:

 

Combofix scripting

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Download the attached CFScript.txt (1.22KB) and save it to the location where ComboFix is saved.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Step 2:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.



Edited by olgun52, 02 October 2014 - 04:42 PM.


 


 


#6 Kothliim

Kothliim
  • Topic Starter


Posted 02 October 2014 - 06:04 PM

Hi Olgun,

 

I have a problem posting, every time I try to post the log it tells me I do not have permission.



#7 Kothliim

Kothliim
  • Topic Starter


Posted 02 October 2014 - 06:07 PM

I will try as an attachment.




#8 olgun52

olgun52

  • Malware Response Team

Posted 03 October 2014 - 11:37 AM

Hi Kothliim,

I have a problem posting, every time I try to post the log it tells me I do not have permission.

Crypto virus may be the reason.

 

 

 

IObit

Uninstall/remove all entries related to IObit; that program has a dubious history.

Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product. Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

IOBit Steals Malwarebytes' Intellectual Property
IOBit's Denial of Theft Unconvincing
IOBit Theft Conclusion
IObit: Trusting Your Antivirus Vendor
Malwarebytes: IObit Stole Our Signatures Database
IObit accused of stealing from Malwarebytes
http://shanegowland....-sucky-company/
 
------------------------------

 

 µTorrent
 
Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

 

Uninstall: IObit\Driver Booster

 

 

 

Step 1:

 

FRST Script:

 

Ensure your external and/or USB drives are inserted during the scan
 

Please download the attached fixlist.txt (3.9KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply

Next.....

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 3:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




 


 


#9 Kothliim

Kothliim
  • Topic Starter


Posted 03 October 2014 - 10:14 PM

Hi Yilmaz

 

I don't think IOBit is still on the computer, I don't see any entries for it in Add/Remove Programs. Maybe it left some files behind.

 

I've followed all the steps in your last post, but I think it may be a good idea to start over from the beginning. Whatever this virus is, it fixes itself every time something catches it. If the processes are terminated (like with RKill), something immediately starts them back up. If the startup entry is deleted or disabled, it immediately comes back. Even deleting the file or folder itself (Monava\qaxozaf.exe) triggers something that immediately recreates them. I noticed that this didn't happen after I used ComboFix and then disabled the network connection. As soon as I reconnected to the internet, the problems started happening again. I have now disabled the network connection again, and I'm posting from a different computer. I think if I leave it disconnected while we scan and fix it, we may be able to get rid of it easier. Anything that needs to be downloaded, I will download here and transfer to that computer using a USB stick.

 

In any case, I will copy and paste all the logs here, and let me know if we should start over or what you think the next step should be. Worst case scenario, I will format the entire hard drive on that computer and do a fresh Windows installation.

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014
Ran by Yaseen at 2014-10-03 18:39:35 Run:1
Running from C:\Users\Yaseen\Desktop
Loaded Profile: Yaseen (Available profiles: Yaseen & Mcx1-YASEEN-PC)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Unlock: C:\Users\Yaseen\AppData\Roaming\Monava
C:\Users\Yaseen\AppData\Roaming\Monava
c:\users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe
HKU\S-1-5-21-3230290522-729723419-1199028287-1000\...\Run: [Niantyawysyxduc] => C:\Users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe [312978 2012-11-18] (ApexSQL LLC)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Niantyawysyxduc]
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24808826-C2BF-4269-B3BA-89D1D5F431A4}" /f
Task: C:\Windows\Tasks\Security Center Update - 3822370559.job => C:\Users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe <==== ATTENTION
Task: {EBF769EA-F85C-4FAE-BF15-07A745D848A8} - System32\Tasks\Security Center Update - 3822370559 => C:\Users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe [2012-11-18] (ApexSQL LLC) <==== ATTENTION
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {823BA960-09FD-4987-B889-320FEEA9ACFB} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3275393&CUI=UN19390888652439528&UM=2
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
CHR Profile: C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-13]
CHR HKCU\...\Chrome\Extension: [jljbhenkepchpiknajdnfglojnccebbi] - C:\Users\Yaseen\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx [2013-05-29]
CHR HKCU\...\Chrome\Extension: [llipdjclndbefakdjhpnmaafddddgnhk] - C:\Users\Yaseen\AppData\Local\CRE\llipdjclndbefakdjhpnmaafddddgnhk.crx [2013-05-29]
CHR HKLM-x32\...\Chrome\Extension: [jljbhenkepchpiknajdnfglojnccebbi] - C:\Users\Yaseen\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx [2013-05-29]
CHR HKLM-x32\...\Chrome\Extension: [llipdjclndbefakdjhpnmaafddddgnhk] - C:\Users\Yaseen\AppData\Local\CRE\llipdjclndbefakdjhpnmaafddddgnhk.crx [2013-05-29]
CHR StartMenuInternet: Google Chrome - c:\users\yaseen\appdata\local\google\chrome\application\chrome.exe
2014-09-07 13:04 - 2014-09-07 13:06 - 00000000 ____D () C:\Users\Yaseen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-09-07 13:04 - 2014-09-07 13:04 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-09-07 11:08 - 2014-09-07 11:08 - 00000036 _____ () C:\Users\Yaseen\AppData\Local\housecall.guid.cache
2014-09-07 02:37 - 2014-09-07 02:37 - 00000116 ___RH () C:\Users\Yaseen\Downloads\Stinger.opt
2014-10-02 15:26 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
Task: {04D3BC08-8B35-4766-B887-E1B7FE670E05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
Task: {7CAC271D-A81B-4B62-9A35-9158FFA9EAB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
Task: {BB03DD69-9D08-4353-A97F-FE12C6671F43} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3230290522-729723419-1199028287-1000Core.job => C:\Users\Yaseen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3230290522-729723419-1199028287-1000UA.job => C:\Users\Yaseen\AppData\Local\Google\Update\GoogleUpdate.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************

Processes closed successfully.
"C:\Users\Yaseen\AppData\Roaming\Monava" => File/Directory unlocked successfully.
C:\Users\Yaseen\AppData\Roaming\Monava => Moved successfully.
"c:\users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe" => File/Directory not found.
HKU\S-1-5-21-3230290522-729723419-1199028287-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Niantyawysyxduc => value deleted successfully.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Niantyawysyxduc] => Error: No automatic fix found for this entry.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24808826-C2BF-4269-B3BA-89D1D5F431A4}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

C:\Windows\Tasks\Security Center Update - 3822370559.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBF769EA-F85C-4FAE-BF15-07A745D848A8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBF769EA-F85C-4FAE-BF15-07A745D848A8}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3822370559 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3822370559" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}" => Key deleted successfully.
"HKCR\CLSID\{0191A6B0-1154-4C22-9182-23A95BBE92D9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{823BA960-09FD-4987-B889-320FEEA9ACFB}" => Key deleted successfully.
"HKCR\CLSID\{823BA960-09FD-4987-B889-320FEEA9ACFB}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
CHR Profile: C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\jljbhenkepchpiknajdnfglojnccebbi" => Key deleted successfully.
C:\Users\Yaseen\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\llipdjclndbefakdjhpnmaafddddgnhk" => Key deleted successfully.
"C:\Users\Yaseen\AppData\Local\CRE\llipdjclndbefakdjhpnmaafddddgnhk.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jljbhenkepchpiknajdnfglojnccebbi" => Key deleted successfully.
"C:\Users\Yaseen\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\llipdjclndbefakdjhpnmaafddddgnhk" => Key deleted successfully.
"C:\Users\Yaseen\AppData\Local\CRE\llipdjclndbefakdjhpnmaafddddgnhk.crx" => File/Directory not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
C:\Users\Yaseen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton => Moved successfully.
C:\Users\Public\Downloads\Norton => Moved successfully.
C:\Users\Yaseen\AppData\Local\housecall.guid.cache => Moved successfully.
C:\Users\Yaseen\Downloads\Stinger.opt => Moved successfully.
C:\Windows\Tasks\SA.DAT => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04D3BC08-8B35-4766-B887-E1B7FE670E05}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04D3BC08-8B35-4766-B887-E1B7FE670E05}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CAC271D-A81B-4B62-9A35-9158FFA9EAB5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CAC271D-A81B-4B62-9A35-9158FFA9EAB5}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB03DD69-9D08-4353-A97F-FE12C6671F43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB03DD69-9D08-4353-A97F-FE12C6671F43}" => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (SYSTEM)" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3230290522-729723419-1199028287-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3230290522-729723419-1199028287-1000UA.job => Moved successfully.

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 736.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#10 Kothliim

  • Topic Starter
Posted 03 October 2014 - 10:16 PM

RKill:

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/03/2014 06:45:16 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe (PID: 2640) [UP-HEUR]
 * C:\Users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe (PID: 4648) [UP-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 10/03/2014 06:49:18 PM
Execution time: 0 hours(s), 4 minute(s), and 1 seconds(s)

MBAM:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/3/2014
Scan Time: 6:52:29 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.04.01
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Yaseen

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359042
Time Elapsed: 14 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
Spyware.Password, C:\Users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe, 3956, , [31540ee1c3b860d6fb4617b3ff028a76]
Spyware.Password, C:\Users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe, 2840, , [31540ee1c3b860d6fb4617b3ff028a76]
Spyware.Password, C:\Users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe, 1064, , [31540ee1c3b860d6fb4617b3ff028a76]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
Spyware.Password, HKU\S-1-5-21-3230290522-729723419-1199028287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Niantyawysyxduc, C:\Users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe, , [31540ee1c3b860d6fb4617b3ff028a76]
Spyware.Password, HKU\S-1-5-21-3230290522-729723419-1199028287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Niantyawysyxduc, C:\Users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe, , [31540ee1c3b860d6fb4617b3ff028a76]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Spyware.Password, C:\Users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe, , [31540ee1c3b860d6fb4617b3ff028a76],

Physical Sectors: 0
(No malicious items detected)


(end)


# AdwCleaner v3.311 - Report created 03/10/2014 at 19:53:56
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Yaseen - YASEEN-PC
# Running from : C:\Users\Yaseen\Desktop\Fixes\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Yaseen\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Yaseen\AppData\Roaming\eCyber
Folder Deleted : C:\Users\Yaseen\AppData\Roaming\iSafe
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Google Chrome v

[ File : C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1506 octets] - [03/10/2014 19:52:35]
AdwCleaner[S0].txt - [1449 octets] - [03/10/2014 19:53:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1509 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.7 (10.03.2014:1)
OS: Windows 7 Professional x64
Ran by Yaseen on Fri 10/03/2014 at 20:01:15.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Backyard_Basketball_2004_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Backyard_Basketball_2004_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Backyard_Basketball_2004_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Backyard_Basketball_2004_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Yaseen\appdata\local\cre"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/03/2014 at 20:04:47.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#11 olgun52

  • Malware Response Team
Posted 05 October 2014 - 03:36 AM

Hi Yilmaz

 

I don't think IOBit is still on the computer, I don't see any entries for it in Add/Remove Programs. Maybe it left some files behind.

 

I've followed all the steps in your last post, but I think it may be a good idea to start over from the beginning. Whatever this virus is, it fixes itself every time something catches it. If the processes are terminated (like with RKill), something immediately starts them back up. If the startup entry is deleted or disabled, it immediately comes back. Even deleting the file or folder itself (Monava\qaxozaf.exe) triggers something that immediately recreates them. I noticed that this didn't happen after I used ComboFix and then disabled the network connection. As soon as I reconnected to the internet, the problems started happening again. I have now disabled the network connection again, and I'm posting from a different computer. I think if I leave it disconnected while we scan and fix it, we may be able to get rid of it easier. Anything that needs to be downloaded, I will download here and transfer to that computer using a USB stick.

 

In any case, I will copy and paste all the logs here, and let me know if we should start over or what you think the next step should be. Worst case scenario, I will format the entire hard drive on that computer and do a fresh Windows installation.

 

 

Yeah, there are just some leftover IOBit files.

 

Crypto virus is a serious virus. But we must fight.

 

Worst case scenario, we'll format the entire hard drive on that computer and do a fresh Windows installation. OK.

 

------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Next....

 

Hosts-perm.bat to fix permissions:

 

Download Hosts-perm.bat and save it to the desktop, then right-click Hosts-perm.bat and select Run as Administrator.

 

Next....

 

The MalwareBytes detections are still undeleted.

Please right-click MalwareBytes Anti-Malware and select Run as Administrator.

Please run RKill and MalwareBytes again and delete all detections. (When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.)


Best regards
 

 


 


#12 Kothliim

  • Topic Starter
Posted 05 October 2014 - 06:08 AM

Ok, first thing I did was make sure Avira is disabled (because Avira locks the HOSTS file as a security measure), and also keep in mind the network on that computer is still disabled as a precaution. It hasn't had any internet access for a couple of days now. Here are the new RKill and MBAM logs:

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/05/2014 02:51:14 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 10/05/2014 02:52:43 AM
Execution time: 0 hours(s), 1 minute(s), and 29 seconds(s)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/5/2014
Scan Time: 2:54:02 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.04.01
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Yaseen

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359221
Time Elapsed: 12 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Spyware.Password, HKU\S-1-5-21-3230290522-729723419-1199028287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Niantyawysyxduc, C:\Users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe, , [0c7916d9b7c43ff740014387cd346d93]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Spyware.Password, C:\Users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe, , [0c7916d9b7c43ff740014387cd346d93],

Physical Sectors: 0
(No malicious items detected)


(end)



#13 Kothliim

  • Topic Starter
Posted 05 October 2014 - 06:12 AM

I also went ahead and re-did all the steps we've done so far, starting with the ComboFix script you gave me. I will paste the new logs here, just in case they are useful.

 

ComboFix 14-10-02.01 - Yaseen 10/05/2014   3:17.3.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6142.4157 [GMT -7:00]
Running from: c:\users\Yaseen\Desktop\Fixes\ComboFix.exe
Command switches used :: c:\users\Yaseen\Desktop\Fixes\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\programdata\Microsoft\Crypto\RSA64\CryptoProvider.dll"
"c:\programdata\Microsoft\Crypto\RSA64\rsa64.dll"
"c:\programdata\Microsoft\Crypto\RSA64\temp\tmpA56D.exe"
"c:\windows\system32\drivers\gfibto.sys"
"c:\windows\system32\drivers\iSafeKrnlBoot.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Yaseen\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\system32\drivers\gfibto.sys
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-05 to 2014-10-05  )))))))))))))))))))))))))))))))
.
.
2014-10-05 10:28 . 2014-10-05 10:28    --------    d-----w-    c:\users\Mcx1-YASEEN-PC\AppData\Local\temp
2014-10-05 10:28 . 2014-10-05 10:28    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-04 03:48 . 2014-10-05 06:27    --------    d-----w-    c:\program files (x86)\Warcraft III
2014-10-04 03:48 . 2014-10-04 03:48    --------    d-----w-    c:\program files (x86)\Common Files\Blizzard Entertainment
2014-10-04 03:01 . 2014-10-04 03:01    --------    d-----w-    c:\windows\ERUNT
2014-10-04 02:52 . 2014-10-04 02:54    --------    d-----w-    C:\AdwCleaner
2014-10-04 02:09 . 2014-10-05 10:06    --------    d-----w-    c:\users\Yaseen\AppData\Roaming\Monava
2014-10-02 22:41 . 2014-10-04 01:40    --------    d-----w-    C:\FRST
2014-09-28 18:07 . 2014-10-04 21:51    --------    d-----w-    c:\users\Yaseen\AppData\Local\CrashDumps
2014-09-19 20:33 . 2014-09-27 17:54    --------    d-----w-    c:\users\Yaseen\AppData\Roaming\Media Player Classic
2014-09-17 20:39 . 2014-06-27 02:08    2777088    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-09-17 20:39 . 2014-06-27 01:45    2285056    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-17 20:28 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2014-09-17 20:28 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2014-09-17 20:28 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2014-09-17 20:28 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2014-09-17 20:28 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2014-09-17 20:28 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2014-09-17 20:27 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2014-09-17 20:27 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2014-09-17 20:23 . 2014-05-30 06:45    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2014-09-17 20:22 . 2014-07-07 02:06    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-09-17 20:22 . 2014-07-07 02:06    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-09-17 20:22 . 2014-07-07 01:40    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-09-17 20:22 . 2014-07-07 01:40    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-09-17 20:22 . 2014-07-07 01:39    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-09-17 20:22 . 2014-06-03 10:02    3241984    ----a-w-    c:\windows\system32\msi.dll
2014-09-17 20:22 . 2014-06-03 09:29    2363392    ----a-w-    c:\windows\SysWow64\msi.dll
2014-09-17 20:22 . 2014-06-03 10:02    1941504    ----a-w-    c:\windows\system32\authui.dll
2014-09-17 20:22 . 2014-06-03 09:29    1805824    ----a-w-    c:\windows\SysWow64\authui.dll
2014-09-17 20:22 . 2014-06-03 10:02    112064    ----a-w-    c:\windows\system32\consent.exe
2014-09-17 20:22 . 2014-06-03 10:02    504320    ----a-w-    c:\windows\system32\msihnd.dll
2014-09-17 20:22 . 2014-06-03 09:29    337408    ----a-w-    c:\windows\SysWow64\msihnd.dll
2014-09-17 20:18 . 2014-08-23 02:07    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-09-17 20:18 . 2014-08-23 01:45    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-09-17 20:18 . 2014-08-23 00:59    3163648    ----a-w-    c:\windows\system32\win32k.sys
2014-09-17 20:17 . 2014-06-25 02:05    14175744    ----a-w-    c:\windows\system32\shell32.dll
2014-09-17 20:17 . 2014-06-16 02:10    985536    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2014-09-17 20:17 . 2014-09-05 02:10    578048    ----a-w-    c:\windows\system32\aepdu.dll
2014-09-17 20:17 . 2014-09-05 02:05    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-09-17 20:17 . 2014-07-14 02:02    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-09-17 20:17 . 2014-07-14 01:40    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2014-09-12 09:43 . 2014-09-12 09:43    227728    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-09-10 18:04 . 2014-09-10 18:04    --------    d-----w-    c:\program files\iPod
2014-09-10 18:04 . 2014-09-10 18:04    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 18:04 . 2014-09-10 18:04    --------    d-----w-    c:\program files\iTunes
2014-09-10 18:04 . 2014-09-10 18:04    --------    d-----w-    c:\program files (x86)\iTunes
2014-09-08 09:26 . 2014-10-05 09:53    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-08 09:26 . 2014-09-08 09:26    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-08 09:26 . 2014-05-12 14:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-09-08 09:26 . 2014-05-12 14:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-09-08 09:26 . 2014-05-12 14:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-08 09:11 . 2014-09-08 09:11    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-09-07 20:13 . 2014-09-09 04:54    --------    d-----w-    c:\users\Yaseen\AppData\Local\Adobe
2014-09-07 20:06 . 2014-09-07 20:06    --------    d-----w-    c:\programdata\NortonInstaller
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-08 05:07 . 2012-10-21 22:57    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2014-09-08 05:07 . 2012-10-21 22:57    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2014-09-08 05:07 . 2012-10-21 22:57    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2014-09-08 05:07 . 2012-10-21 22:57    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2014-08-30 08:40 . 2014-08-30 08:40    33512    ----a-w-    c:\windows\SysWow64\drivers\TrueSight.sys
2014-08-29 20:01 . 2011-09-28 07:12    101694776    ----a-w-    c:\windows\system32\MRT.exe
2014-08-17 22:19 . 2014-06-29 22:11    281688    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2014-08-17 22:17 . 2014-06-29 22:04    282512    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2014-07-29 23:05 . 2014-07-24 23:53    669184    ----a-w-    c:\windows\SysWow64\pbsvc.exe
2014-07-25 19:55 . 2014-08-31 09:11    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 09:35 . 2014-07-25 09:35    875688    ----a-w-    c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 06:47 . 2014-07-25 06:47    869544    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2014-07-24 15:10 . 2014-07-03 19:59    42040    ----a-w-    c:\windows\system32\drivers\avnetflt.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-05 751184]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-30 642304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVworks"="regsvr32.exe" [2009-07-14 14848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files (x86)\D-Link\DWA-556 revA\wirelesscm.exe [2013-6-26 505152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\D-Link\DWA-556 revA\jswpsapi.exe;c:\program files (x86)\D-Link\DWA-556 revA\jswpsapi.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3230290522-729723419-1199028287-1000\Software\SecuROM\License information*]
"datasecu"=hex:fc,d0,c1,4b,74,fb,53,5b,0d,e3,5e,cd,1a,e5,f7,a8,61,ec,b8,c6,b5,
   1b,aa,2e,f5,f1,01,c2,08,f2,6f,9d,ca,14,f5,8b,dd,63,d5,a5,5f,a2,24,60,c7,2b,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Completion time: 2014-10-05  03:39:36 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-05 10:39
.
Pre-Run: 268,076,568,576 bytes free
Post-Run: 268,019,515,392 bytes free
.
- - End Of File - - A2EAFBC26EC20971871EF4C2353D4C9E
5FB38429D5D77768867C76DCBDB35194



#14 Kothliim

  • Topic Starter
Posted 05 October 2014 - 06:14 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by Yaseen (administrator) on YASEEN-PC on 05-10-2014 03:43:13
Running from C:\Users\Yaseen\Desktop\Fixes
Loaded Profile: Yaseen (Available profiles: Yaseen & Mcx1-YASEEN-PC)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3230290522-729723419-1199028287-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [AVworks] => regsvr32.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-556 revA\wirelesscm.exe (D-Link Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCA054FAB7C7DCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Yaseen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Yaseen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

Chrome:
=======
CHR Profile: C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (SocialReviver) - C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfipfkeoidmndggnnpobeenlamiclald [2014-08-02]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-29]
CHR Extension: (Google Search) - C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-13]
CHR Extension: (Avira Browser Safety) - C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-06-29]
CHR Extension: (AdBlock) - C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-12]
CHR Extension: (Google Wallet) - C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\D-Link\DWA-556 revA\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2012-07-04] (LG Electronics Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 JSWPSLWF; C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys [26624 2008-05-15] (Atheros Communications, Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-05-26] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-30] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 02:46 - 2014-10-05 03:43 - 00000000 ____D () C:\Users\Yaseen\Desktop\Fixes
2014-10-03 20:48 - 2014-10-04 23:27 - 00000000 ____D () C:\Program Files (x86)\Warcraft III
2014-10-03 20:48 - 2014-10-03 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2014-10-03 20:01 - 2014-10-03 20:01 - 00000000 ____D () C:\Windows\ERUNT
2014-10-03 19:52 - 2014-10-03 19:54 - 00000000 ____D () C:\AdwCleaner
2014-10-03 19:09 - 2014-10-05 03:06 - 00000000 ____D () C:\Users\Yaseen\AppData\Roaming\Monava
2014-10-03 18:42 - 2014-10-05 03:29 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-02 15:41 - 2014-10-05 03:43 - 00000000 ____D () C:\FRST
2014-09-29 14:51 - 2014-09-29 14:51 - 539422711 _____ () C:\Windows\MEMORY.DMP
2014-09-29 14:51 - 2014-09-29 14:51 - 00274424 _____ () C:\Windows\Minidump\092914-21481-01.dmp
2014-09-29 02:31 - 2014-10-05 03:39 - 00000000 ____D () C:\Qoobox
2014-09-29 02:31 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-29 02:31 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-29 02:31 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-29 02:31 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-29 02:31 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-29 02:31 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-29 02:31 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-29 02:31 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-29 02:30 - 2014-10-02 15:25 - 00000000 ____D () C:\Windows\erdnt
2014-09-28 11:07 - 2014-10-04 14:51 - 00000000 ____D () C:\Users\Yaseen\AppData\Local\CrashDumps
2014-09-27 10:53 - 2014-09-27 10:53 - 00111248 _____ () C:\Users\Yaseen\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-27 10:49 - 2014-10-05 03:29 - 00010918 _____ () C:\Windows\PFRO.log
2014-09-27 10:49 - 2014-09-27 10:49 - 00411696 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-27 05:52 - 2014-10-05 03:29 - 00008804 _____ () C:\Windows\setupact.log
2014-09-27 05:52 - 2014-09-27 05:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-19 13:33 - 2014-09-27 10:54 - 00000000 ____D () C:\Users\Yaseen\AppData\Roaming\Media Player Classic
2014-09-17 14:18 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-17 14:18 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-17 14:18 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-17 14:18 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-17 14:18 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-17 14:18 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-17 14:18 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-17 14:18 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-17 14:18 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-17 14:18 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-17 14:18 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-17 14:18 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-17 14:18 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-17 14:18 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-17 14:18 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-17 14:18 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-17 14:18 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-17 14:18 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-17 14:18 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-17 14:18 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-17 14:18 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-17 14:18 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-17 14:18 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-17 14:18 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-17 14:18 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-17 14:18 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-17 14:18 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-17 14:18 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-17 14:18 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-17 14:18 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-17 14:18 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-17 14:18 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-17 14:18 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-17 14:18 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-17 14:18 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-17 14:18 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-17 14:18 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-17 14:18 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-17 14:18 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-17 14:18 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-17 14:18 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-17 14:18 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-17 14:18 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-17 14:18 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-17 14:18 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-17 14:18 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-17 14:18 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-17 14:18 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-17 14:18 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-17 14:18 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-17 14:18 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-17 14:18 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-17 14:18 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-17 14:18 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-17 14:18 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-17 14:18 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-17 13:39 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-17 13:39 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-17 13:28 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-17 13:28 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-17 13:28 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-17 13:28 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-17 13:28 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-17 13:28 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-17 13:27 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-17 13:27 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-17 13:24 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-17 13:24 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-17 13:24 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-17 13:24 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-17 13:24 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-17 13:24 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-17 13:24 - 2014-05-08 02:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-17 13:24 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-17 13:23 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-17 13:23 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-17 13:23 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-17 13:23 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-09-17 13:23 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-09-17 13:23 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-17 13:23 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-09-17 13:23 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-09-17 13:23 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-09-17 13:23 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-09-17 13:23 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-09-17 13:23 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-09-17 13:23 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-09-17 13:23 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-09-17 13:23 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-09-17 13:22 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-17 13:22 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-17 13:22 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-17 13:22 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-17 13:22 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-17 13:22 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-17 13:22 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-17 13:22 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-17 13:22 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-17 13:22 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-17 13:22 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-17 13:22 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-17 13:21 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-17 13:21 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-17 13:21 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-17 13:21 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-17 13:21 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-17 13:21 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-17 13:21 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-17 13:21 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-17 13:21 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-09-17 13:21 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-17 13:21 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-09-17 13:21 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-09-17 13:21 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-09-17 13:21 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-09-17 13:18 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-17 13:18 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-17 13:18 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-17 13:17 - 2014-09-04 19:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-17 13:17 - 2014-09-04 19:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-17 13:17 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-17 13:17 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-17 13:17 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-17 13:17 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-17 13:17 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-15 22:12 - 2014-09-15 22:12 - 00000000 ____D () C:\Users\Yaseen\Desktop\Yaseen
2014-09-10 11:04 - 2014-09-10 11:04 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 11:04 - 2014-09-10 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 11:04 - 2014-09-10 11:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 11:04 - 2014-09-10 11:04 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 11:04 - 2014-09-10 11:04 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 11:04 - 2014-09-10 11:04 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-08 02:26 - 2014-10-05 02:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 02:26 - 2014-09-08 02:26 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-08 02:26 - 2014-09-08 02:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-08 02:26 - 2014-09-08 02:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-08 02:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-08 02:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-08 02:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-08 02:11 - 2014-09-08 02:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-07 13:14 - 2014-09-27 10:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-07 13:14 - 2014-09-07 13:14 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-07 13:13 - 2014-09-08 21:54 - 00000000 ____D () C:\Users\Yaseen\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 03:36 - 2009-07-13 21:45 - 00025792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-05 03:36 - 2009-07-13 21:45 - 00025792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-05 03:33 - 2011-09-27 18:14 - 01495340 _____ () C:\Windows\WindowsUpdate.log
2014-10-05 03:30 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-05 03:09 - 2013-06-26 17:32 - 00000000 ____D () C:\Windows\pcidevice
2014-10-03 20:56 - 2011-10-02 18:16 - 00000000 ____D () C:\Users\Yaseen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-10-03 20:32 - 2009-07-13 22:13 - 00796754 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-03 19:54 - 2014-06-01 19:36 - 00000000 ____D () C:\Windows\system32\log
2014-10-02 15:25 - 2009-07-13 19:34 - 78118912 _____ () C:\Windows\system32\config\software.bak
2014-10-02 15:25 - 2009-07-13 19:34 - 16777216 _____ () C:\Windows\system32\config\system.bak
2014-10-02 15:25 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-10-02 15:25 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-10-02 15:25 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-10-02 15:00 - 2011-09-27 18:36 - 00000000 ____D () C:\Users\Yaseen\AppData\Roaming\Adobe
2014-10-02 14:59 - 2011-09-27 18:15 - 00000000 ____D () C:\Users\Yaseen\AppData\Local\VirtualStore
2014-10-01 22:29 - 2011-09-29 15:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-29 14:51 - 2013-05-30 15:19 - 00000000 ____D () C:\Windows\Minidump
2014-09-29 14:20 - 2011-09-29 19:13 - 00000000 ____D () C:\Users\Yaseen\AppData\Roaming\uTorrent
2014-09-29 03:02 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-09-27 17:23 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-09-27 15:28 - 2011-09-27 18:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-27 10:49 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system
2014-09-26 15:14 - 2014-06-29 20:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-24 19:02 - 2011-09-28 21:47 - 00002331 _____ () C:\Users\Yaseen\Desktop\Google Chrome.lnk
2014-09-24 16:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SchCache
2014-09-19 10:24 - 2014-03-17 13:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-18 22:53 - 2011-09-29 21:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-18 07:35 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\Performance
2014-09-17 17:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-09-17 17:09 - 2013-06-26 13:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-17 17:09 - 2013-06-26 13:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-17 17:07 - 2014-06-01 12:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-17 17:07 - 2009-07-14 00:47 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-17 17:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-09-17 17:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-09-17 17:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-17 14:35 - 2014-08-14 01:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-17 14:09 - 2009-07-13 19:34 - 00000499 _____ () C:\Windows\win.ini
2014-09-17 14:02 - 2014-06-01 11:40 - 00788876 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-17 13:56 - 2013-06-26 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-15 09:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Branding
2014-09-13 17:31 - 2014-07-15 15:55 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-13 17:31 - 2014-06-29 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-13 17:31 - 2014-06-29 20:18 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-08 02:43 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\TAPI
2014-09-07 22:53 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-07 22:07 - 2012-10-21 15:57 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-09-07 22:07 - 2012-10-21 15:57 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-09-07 22:07 - 2012-10-21 15:57 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-09-07 22:07 - 2012-10-21 15:57 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-09-07 13:14 - 2011-09-27 18:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-07 13:14 - 2011-09-27 18:38 - 00000000 ____D () C:\ProgramData\Adobe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 00:03

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2014
Ran by Yaseen at 2014-10-05 03:44:23
Running from C:\Users\Yaseen\Desktop\Fixes
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32354 - BitTorrent Inc.)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-7860DW (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Combined Community Codec Pack 2012-12-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2012.12.30.0 - CCCP Project)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
CPUID CPU-Z 1.58 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Da New Guys version 1.0 (HKLM-x32\...\{41241814-48CC-4DB7-8889-3EEE5576A79C}_is1) (Version: 1.0 - Wadjet Eye Games)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
DWA-556 (HKLM-x32\...\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}) (Version:  - D-Link)
EA Network Play System (HKLM-x32\...\Network Play System) (Version:  - )
Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version:  - Ubisoft Montreal)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - Square Enix)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Kane & Lynch 2: Dog Days (HKLM-x32\...\Steam App 28000) (Version:  - IO Interactive)
Kane & Lynch: Dead Men (HKLM-x32\...\Steam App 8080) (Version:  - IO Interactive)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARDR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
MPC-HC 1.7.1 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.1.0 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
ResidualVM 0.1.1 (HKLM-x32\...\ResidualVM_is1) (Version:  - The ResidualVM Team)
Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version:  - Ubisoft - San Francisco)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
ScummVM 1.6.0 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version:  - Irrational Games)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARDR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARDR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARDR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARDR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARDR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARDR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARDR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARDR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARDR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARDR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.6 - Ubisoft)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3230290522-729723419-1199028287-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Yaseen\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3230290522-729723419-1199028287-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Yaseen\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-10-05 03:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1D672C64-8A43-4501-84EE-14C3C73B5159} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3230290522-729723419-1199028287-1000UA => C:\Users\Yaseen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28] (Google Inc.)
Task: {78450858-DCA3-47BC-A333-83F2EBE860B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7BAB1C1A-D992-4A70-8DE8-5D1CED280008} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {A489C4C6-D4D1-4224-AA6C-85313B655729} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-YASEEN-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {CA758277-5606-42E3-AE60-6F30F8AF9712} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3230290522-729723419-1199028287-1000Core => C:\Users\Yaseen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28] (Google Inc.)

==================== Loaded Modules (whitelisted) =============

2014-02-04 22:57 - 2005-04-21 21:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

========================= Accounts: ==========================

Administrator (S-1-5-21-3230290522-729723419-1199028287-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3230290522-729723419-1199028287-1005 - Limited - Enabled)
Guest (S-1-5-21-3230290522-729723419-1199028287-501 - Limited - Enabled)
Mcx1-YASEEN-PC (S-1-5-21-3230290522-729723419-1199028287-1002 - Limited - Enabled) => C:\Users\Mcx1-YASEEN-PC
Yaseen (S-1-5-21-3230290522-729723419-1199028287-1000 - Administrator - Enabled) => C:\Users\Yaseen

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: D-Link DWA-556 Xtreme N PCIe Desktop Adapter
Description: D-Link DWA-556 Xtreme N PCIe Desktop Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2014 02:51:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x44c
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3


System errors:
=============
Error: (10/05/2014 03:28:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/05/2014 03:25:58 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/05/2014 03:25:58 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/05/2014 03:23:09 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/05/2014 03:08:23 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (10/04/2014 11:10:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/03/2014 08:14:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (10/04/2014 02:51:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637ntdll.dll6.1.7601.18247521ea8e7c0000374000ce75344c01cfdf877c2b97d0C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\ntdll.dll9090bc5e-4c10-11e4-a886-6cf0497c990d


CodeIntegrity Errors:
===================================
  Date: 2014-10-05 03:25:58.219
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-05 03:25:58.141
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-05 03:25:58.048
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-05 03:25:57.954
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-02 15:18:00.754
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-02 15:18:00.661
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-02 15:18:00.567
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-02 15:18:00.474
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-29 02:41:51.612
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-29 02:41:51.519
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 23%
Total physical RAM: 6142.48 MB
Available physical RAM: 4674.38 MB
Total Pagefile: 12283.15 MB
Available Pagefile: 10814.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:249.7 GB) NTFS
Drive d: () (Fixed) (Total:465.66 GB) (Free:250.8 GB) NTFS
Drive f: () (Removable) (Total:7.45 GB) (Free:7.37 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 86568658)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CBEC8C67)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014
Ran by Yaseen at 2014-10-05 03:49:51 Run:2
Running from C:\Users\Yaseen\Desktop\Fixes
Loaded Profile: Yaseen (Available profiles: Yaseen & Mcx1-YASEEN-PC)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Unlock: C:\Users\Yaseen\AppData\Roaming\Monava
C:\Users\Yaseen\AppData\Roaming\Monava
c:\users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe
HKU\S-1-5-21-3230290522-729723419-1199028287-1000\...\Run: [Niantyawysyxduc] => C:\Users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe [312978 2012-11-18] (ApexSQL LLC)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Niantyawysyxduc]
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24808826-C2BF-4269-B3BA-89D1D5F431A4}" /f
Task: C:\Windows\Tasks\Security Center Update - 3822370559.job => C:\Users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe <==== ATTENTION
Task: {EBF769EA-F85C-4FAE-BF15-07A745D848A8} - System32\Tasks\Security Center Update - 3822370559 => C:\Users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe [2012-11-18] (ApexSQL LLC) <==== ATTENTION
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {823BA960-09FD-4987-B889-320FEEA9ACFB} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3275393&CUI=UN19390888652439528&UM=2
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
CHR Profile: C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-13]
CHR HKCU\...\Chrome\Extension: [jljbhenkepchpiknajdnfglojnccebbi] - C:\Users\Yaseen\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx [2013-05-29]
CHR HKCU\...\Chrome\Extension: [llipdjclndbefakdjhpnmaafddddgnhk] - C:\Users\Yaseen\AppData\Local\CRE\llipdjclndbefakdjhpnmaafddddgnhk.crx [2013-05-29]
CHR HKLM-x32\...\Chrome\Extension: [jljbhenkepchpiknajdnfglojnccebbi] - C:\Users\Yaseen\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx [2013-05-29]
CHR HKLM-x32\...\Chrome\Extension: [llipdjclndbefakdjhpnmaafddddgnhk] - C:\Users\Yaseen\AppData\Local\CRE\llipdjclndbefakdjhpnmaafddddgnhk.crx [2013-05-29]
CHR StartMenuInternet: Google Chrome - c:\users\yaseen\appdata\local\google\chrome\application\chrome.exe
2014-09-07 13:04 - 2014-09-07 13:06 - 00000000 ____D () C:\Users\Yaseen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-09-07 13:04 - 2014-09-07 13:04 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-09-07 11:08 - 2014-09-07 11:08 - 00000036 _____ () C:\Users\Yaseen\AppData\Local\housecall.guid.cache
2014-09-07 02:37 - 2014-09-07 02:37 - 00000116 ___RH () C:\Users\Yaseen\Downloads\Stinger.opt
2014-10-02 15:26 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
Task: {04D3BC08-8B35-4766-B887-E1B7FE670E05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
Task: {7CAC271D-A81B-4B62-9A35-9158FFA9EAB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
Task: {BB03DD69-9D08-4353-A97F-FE12C6671F43} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3230290522-729723419-1199028287-1000Core.job => C:\Users\Yaseen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3230290522-729723419-1199028287-1000UA.job => C:\Users\Yaseen\AppData\Local\Google\Update\GoogleUpdate.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************

Processes closed successfully.
"C:\Users\Yaseen\AppData\Roaming\Monava" => File/Directory unlocked successfully.
C:\Users\Yaseen\AppData\Roaming\Monava => Moved successfully.
"c:\users\Yaseen\AppData\Roaming\Monava\qaxozaf.exe" => File/Directory not found.
HKU\S-1-5-21-3230290522-729723419-1199028287-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Niantyawysyxduc => Value not found.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Niantyawysyxduc] => Error: No automatic fix found for this entry.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24808826-C2BF-4269-B3BA-89D1D5F431A4}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

C:\Windows\Tasks\Security Center Update - 3822370559.job not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBF769EA-F85C-4FAE-BF15-07A745D848A8}" => Key not found.
C:\Windows\System32\Tasks\Security Center Update - 3822370559 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3822370559" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}" => Key not found.
"HKCR\CLSID\{0191A6B0-1154-4C22-9182-23A95BBE92D9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{823BA960-09FD-4987-B889-320FEEA9ACFB}" => Key not found.
"HKCR\CLSID\{823BA960-09FD-4987-B889-320FEEA9ACFB}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
"HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key not found.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
"HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
CHR Profile: C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo directory not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\jljbhenkepchpiknajdnfglojnccebbi" => Key not found.
"C:\Users\Yaseen\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx" => File/Directory not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\llipdjclndbefakdjhpnmaafddddgnhk" => Key not found.
"C:\Users\Yaseen\AppData\Local\CRE\llipdjclndbefakdjhpnmaafddddgnhk.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jljbhenkepchpiknajdnfglojnccebbi" => Key not found.
"C:\Users\Yaseen\AppData\Local\CRE\jljbhenkepchpiknajdnfglojnccebbi.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\llipdjclndbefakdjhpnmaafddddgnhk" => Key not found.
"C:\Users\Yaseen\AppData\Local\CRE\llipdjclndbefakdjhpnmaafddddgnhk.crx" => File/Directory not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
"C:\Users\Yaseen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton" => File/Directory not found.
"C:\Users\Public\Downloads\Norton" => File/Directory not found.
"C:\Users\Yaseen\AppData\Local\housecall.guid.cache" => File/Directory not found.
"C:\Users\Yaseen\Downloads\Stinger.opt" => File/Directory not found.
C:\Windows\Tasks\SA.DAT => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04D3BC08-8B35-4766-B887-E1B7FE670E05}" => Key not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CAC271D-A81B-4B62-9A35-9158FFA9EAB5}" => Key not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB03DD69-9D08-4353-A97F-FE12C6671F43}" => Key not found.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM) not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (SYSTEM)" => Key not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job not found.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3230290522-729723419-1199028287-1000Core.job not found.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3230290522-729723419-1199028287-1000UA.job not found.

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 68.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#15 Kothliim

Posted 05 October 2014 - 06:15 AM

# AdwCleaner v3.311 - Report created 05/10/2014 at 03:55:52
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Yaseen - YASEEN-PC
# Running from : C:\Users\Yaseen\Desktop\Fixes\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Google Chrome v

[ File : C:\Users\Yaseen\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1506 octets] - [03/10/2014 19:52:35]
AdwCleaner[R1].txt - [921 octets] - [05/10/2014 03:54:04]
AdwCleaner[S0].txt - [1589 octets] - [03/10/2014 19:53:56]
AdwCleaner[S1].txt - [843 octets] - [05/10/2014 03:55:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [902 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.7 (10.03.2014:1)
OS: Windows 7 Professional x64
Ran by Yaseen on Sun 10/05/2014 at  3:58:56.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/05/2014 at  4:02:14.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





