Solved: Windows 7 infected ( Services.exe, C:\Windows\Installer and Desktop.ini


vaz21
Member with 11 posts.
THREAD STARTER
Join Date: Mar 2013
24-Mar-2013, 02:14 PM #1
Windows 7 infected ( Services.exe, C:\Windows\Installer and Desktop.ini
Please HELP!

I ran Avast virus scan two days ago and it said that I had about 6,000 infected files. All of these files were from Windows\Installer\eo2dbd02-62a9-821b.....

The last remaining viruses it picked up were "Desktop.ini" and "Services.exe".

I successfully deleted the Windows\Installer Trojans, but it was not able to delete Services.exe or Desktop.ini.

I did not think much of it until today when I started up my computer and it froze. Now every time I restart it freezes as soon as I click on the desktop.

I tried to restore it from a previous version from two days ago and managed to do it successfully but a few hours later the exact same thing happens...it just freezes.

I also tried getting a clean "services.exe" file from my other computer, which also has Windows 7 on it, and switching it with the bad one (I renamed the bad one and copied the good one while in safe mode). Absolutely nothing happened; it still freezes on startup.

Please help, I have a lot of important files on my computer and I do not have backup.
CatByte
Malware Removal Specialist with 3,893 posts.
Join Date: Feb 2009
24-Mar-2013, 08:56 PM #2
Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.
vaz21
Member with 11 posts.
THREAD STARTER
Join Date: Mar 2013
25-Mar-2013, 11:07 AM #3
Thank you for your help. I did exactly what you said and here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 12 days old)
Ran by SYSTEM at 25-03-2013 11:58:06
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe [79728 2012-02-14] (Driver-Soft Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1297728 2013-02-23] (Spigot, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKU\Daniel\...\Run: [AdobeBridge] [x]
HKU\Daniel\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [896912 2012-09-03] (BitTorrent, Inc.)
HKU\Daniel\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [3111744 2012-04-26] (DT Soft Ltd)
HKU\Daniel\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
==================== Services (Whitelisted) ===================
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2569168 2013-03-06] ()
2 DCPFLICS; C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe [139268 2007-10-24] ()
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 mi-raysat_3dsmax2011_64; "C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe" [86016 2010-03-09] ()
2 mi-raysat_3dsmax2013_32; "C:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe" [86016 2011-09-14] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-03] ()
2 RaySat2012Server; C:\Program Files\Autodesk\mrsat3.9.1_maya2012\bin\raysat2012server.exe [99840 2011-05-18] (mental images GmbH)
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]
==================== Drivers (Whitelisted) =====================
3 Apowersoft_AudioDevice; C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [31064 2011-02-23] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-09-09] (DT Soft Ltd)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
2013-03-25 11:57 - 2013-03-25 11:57 - 00000000 ____D C:\FRST
2013-03-24 13:21 - 2013-03-24 13:21 - 00001958 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-03-24 07:47 - 2013-03-24 07:52 - 118137367 ____A C:\Users\Daniel\Downloads\FPSCreatorFree.zip
2013-03-24 06:15 - 2013-03-24 06:18 - 00000000 ____D C:\Users\Daniel\Desktop\IMPORTANTtorrents
2013-03-23 13:26 - 2013-03-23 13:26 - 00359183 ____A C:\Users\Daniel\Downloads\SizeTemplete(1).rar
2013-03-23 12:53 - 2013-03-24 17:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-03-23 12:53 - 2013-03-24 17:19 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-03-23 12:53 - 2013-03-24 17:19 - 00000000 ____D C:\ProgramData\Skype
2013-03-23 12:13 - 2013-03-23 12:13 - 00359183 ____A C:\Users\Daniel\Downloads\SizeTemplete.rar
2013-03-22 10:19 - 2013-03-22 10:20 - 00000000 ____D C:\Users\Daniel\Desktop\Pics_recreate
2013-03-22 08:30 - 2013-03-22 08:30 - 03918811 ____A C:\Users\Daniel\Downloads\worldmaker.rar
2013-03-21 16:46 - 2013-03-21 16:46 - 00020384 ____A C:\Users\Daniel\Downloads\[kat.ph]gnomon.workshop.color.theory.the.mechanics.of.color.torrent
2013-03-21 16:44 - 2013-03-21 16:44 - 00018717 ____A C:\Users\Daniel\Downloads\[kat.ph]the.gnomon.workshop.advanced.uv.layout.for.production.dvd.bttrove.org.torrent
2013-03-21 16:41 - 2013-03-21 16:41 - 00033656 ____A C:\Users\Daniel\Downloads\[isoHunt] download.torrent
2013-03-21 05:11 - 2013-03-21 05:11 - 00290616 ____A C:\Windows\Minidump\032113-64880-01.dmp
2013-03-21 05:10 - 2013-03-21 05:10 - 699305749 ____A C:\Windows\MEMORY.DMP
2013-03-20 05:41 - 2013-03-20 14:38 - 00000806 ____A C:\Users\Daniel\Desktop\3D TIPS.txt
2013-03-19 21:36 - 2013-03-19 21:36 - 00000164 ____A C:\Users\Daniel\Desktop\rmrwe.txt
2013-03-19 20:17 - 2013-03-19 20:17 - 00043503 ____A C:\Users\Daniel\Downloads\[kat.ph]real.social.dynamics.transformations.torrent
2013-03-19 01:02 - 2013-03-19 01:02 - 00369676 ____A C:\Users\Daniel\Downloads\the-gnomon-workshop-3ds-max.torrent
2013-03-19 00:57 - 2013-03-19 00:58 - 00014354 ____A C:\Users\Daniel\Downloads\[kat.ph]gnomon.workshop.the.techniques.of.dusso.vol.1.torrent
2013-03-19 00:56 - 2013-03-19 00:56 - 00012114 ____A C:\Users\Daniel\Downloads\[kat.ph]the.gnomon.workshop.3ds.max.cg.survival.kit.concept.to.final.image.strategies.for.efficiency.torrent
2013-03-18 12:27 - 2013-03-18 12:27 - 30780592 ____A (Dropbox, Inc.) C:\Users\Daniel\Downloads\Dropbox 2.0.0.exe
2013-03-16 01:54 - 2013-03-16 01:54 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-03-16 01:54 - 2013-03-16 01:54 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-03-12 18:17 - 2013-03-12 18:17 - 01790496 ____A C:\Users\Daniel\Downloads\).zip
2013-03-11 21:14 - 2013-03-19 21:36 - 00014492 ____A C:\Users\Daniel\Desktop\Companies Applied To.xlsx
2013-03-11 09:31 - 2012-03-04 02:36 - 00000000 ____D C:\Users\Daniel\Downloads\Ace Hood - Body Bag (DatPiff.com)
2013-03-11 09:29 - 2013-03-11 09:30 - 78242510 ____A C:\Users\Daniel\Downloads\Body_Bag-(DatPiff.com).zip
2013-03-08 18:22 - 2013-03-08 18:22 - 00494425 ____A C:\Users\Daniel\Downloads\DvdDesignTemplates.zip
2013-03-08 11:53 - 2013-03-08 11:54 - 00000000 ____D C:\Users\Daniel\Downloads\demoreel_cover
2013-03-07 20:19 - 2013-03-07 20:19 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-03-07 20:19 - 2013-03-07 20:19 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-03-07 20:18 - 2013-03-07 20:18 - 40437664 ____A (Apple Inc.) C:\Users\Daniel\Downloads\QuickTimeInstaller.exe
2013-03-07 10:03 - 2013-03-07 10:03 - 53862779 ____A C:\Users\Daniel\Documents\What Associates Say About Creative.mp4
2013-03-07 10:03 - 2013-03-07 10:03 - 13346837 ____A C:\Users\Daniel\Documents\Massive Render Farm for 3D Artists and Videographers.mp4
2013-03-07 10:02 - 2013-03-07 10:03 - 64412131 ____A C:\Users\Daniel\Documents\3D Animated Tour- MAI Suite.mp4
2013-03-07 10:02 - 2013-03-07 10:03 - 37853025 ____A C:\Users\Daniel\Documents\Stylish Computer Cases Meet Hi-Tech Modding.mp4
2013-03-07 10:02 - 2013-03-07 10:03 - 25250787 ____A C:\Users\Daniel\Documents\Modeling- Nikon D90.mp4
2013-03-07 10:02 - 2013-03-07 10:02 - 10595101 ____A C:\Users\Daniel\Documents\Modeling- Studio Strobe.mp4
2013-03-07 10:02 - 2013-03-07 10:02 - 10512768 ____A C:\Users\Daniel\Documents\Swag Animation- Sticking to the Path of Success.mp4
2013-03-07 10:02 - 2013-03-07 10:02 - 10343879 ____A C:\Users\Daniel\Documents\Modeling- Panasonic AG AF100.mp4
2013-03-07 10:01 - 2013-03-07 10:11 - 46814010 ____A C:\Users\Daniel\Documents\3D Animation_Live-action, Valentine's Day.mp4
2013-03-07 10:01 - 2013-03-07 10:02 - 59910312 ____A C:\Users\Daniel\Documents\3D Animation_VFX, Jingle Bell 2011.mp4
2013-03-07 10:01 - 2013-03-07 10:02 - 26964125 ____A C:\Users\Daniel\Documents\Concept Art meets 1000-core Render Farm.mp4
2013-03-07 10:01 - 2013-03-07 10:01 - 30828109 ____A C:\Users\Daniel\Documents\PMP Tech Promo.mp4
2013-03-07 10:01 - 2013-03-07 10:01 - 19786661 ____A C:\Users\Daniel\Documents\Dramatic 3D Lighting Effects on our Extreme PC Mod.mp4
2013-03-07 10:01 - 2013-03-07 10:01 - 18856382 ____A C:\Users\Daniel\Documents\Multimedia Rich Interactive Event Promo.mp4
2013-03-07 10:01 - 2013-03-07 10:01 - 08668070 ____A C:\Users\Daniel\Documents\Concept character for Transformer Rigging.mp4
2013-03-07 10:00 - 2013-03-07 10:01 - 56459559 ____A C:\Users\Daniel\Documents\What 3D Artists say about PMP Studios.mp4
2013-03-07 10:00 - 2013-03-07 10:01 - 45511584 ____A C:\Users\Daniel\Documents\Acrylic PC Choreographed by our 3D Artists.mp4
2013-03-07 10:00 - 2013-03-07 10:01 - 07729887 ____A C:\Users\Daniel\Documents\Transformer Rigging by our 3D Artists.mp4
2013-03-04 12:23 - 2013-03-04 12:23 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2013-03-04 12:23 - 2013-03-04 12:23 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-02-25 18:14 - 2013-02-25 18:19 - 2656923418 ____A C:\Users\Daniel\Desktop\CristR.avi
2013-02-25 18:10 - 2013-03-08 20:32 - 00000000 ____D C:\Users\Daniel\Desktop\AftEffects_Premiere_pipeline
2013-02-24 20:42 - 2013-02-24 20:42 - 53765296 ____A C:\Users\Daniel\Desktop\DanielVaz_3D_2013_FEB22_Good.3gp
2013-02-24 20:33 - 2013-02-24 20:33 - 08366263 ____A C:\Users\Daniel\Desktop\Swag Animation.mp4
2013-02-24 20:12 - 2013-02-24 20:12 - 51795916 ____A C:\Users\Daniel\Desktop\DanielVaz_3D_2013_FEB22.3gp
2013-02-24 20:00 - 2013-02-24 20:00 - 03114504 ____A C:\Users\Daniel\Desktop\DanielVaz_3D_2013_FEB.3gp
==================== One Month Modified Files and Folders =======
2013-03-25 11:57 - 2013-03-25 11:57 - 00000000 ____D C:\FRST
2013-03-25 07:30 - 2012-09-03 21:26 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent
2013-03-25 07:30 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-25 07:30 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-25 07:29 - 2012-09-06 15:46 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-03-25 07:29 - 2012-09-06 14:24 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-03-25 07:28 - 2012-09-10 15:39 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-25 07:27 - 2012-12-15 22:00 - 00009589 ____A C:\Windows\setupact.log
2013-03-25 07:27 - 2012-08-15 06:44 - 00000000 ____D C:\ProgramData\NVIDIA
2013-03-25 07:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-25 07:04 - 2012-08-22 11:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-25 06:55 - 2012-09-10 15:39 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-24 22:00 - 2012-08-27 16:56 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe
2013-03-24 17:19 - 2013-03-23 12:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-03-24 17:19 - 2013-03-23 12:53 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-03-24 17:19 - 2013-03-23 12:53 - 00000000 ____D C:\ProgramData\Skype
2013-03-24 17:19 - 2013-01-15 16:45 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Applian FLV and Media Player
2013-03-24 17:19 - 2012-09-09 15:06 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2013-03-24 17:19 - 2012-09-01 16:08 - 00000000 ____D C:\ProgramData\FLEXnet
2013-03-24 17:19 - 2012-08-25 14:06 - 00000000 __RHD C:\MSOCache
2013-03-24 17:19 - 2012-08-22 11:19 - 00000000 ____D C:\Daniel
2013-03-24 17:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-03-24 17:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-03-24 15:00 - 2012-10-01 20:30 - 00000384 ____A C:\Windows\Tasks\At1.job
2013-03-24 13:26 - 2013-01-02 10:43 - 00000000 ____D C:\Users\Daniel\Desktop\newyears2013
2013-03-24 13:26 - 2009-07-13 21:13 - 00782748 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-24 13:21 - 2013-03-24 13:21 - 00001958 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-03-24 13:21 - 2012-08-22 10:40 - 00000000 ____D C:\users\Daniel
2013-03-24 13:21 - 2012-08-15 06:46 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-03-24 09:54 - 2011-04-12 00:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-03-24 07:52 - 2013-03-24 07:47 - 118137367 ____A C:\Users\Daniel\Downloads\FPSCreatorFree.zip
2013-03-24 06:18 - 2013-03-24 06:15 - 00000000 ____D C:\Users\Daniel\Desktop\IMPORTANTtorrents
2013-03-23 13:26 - 2013-03-23 13:26 - 00359183 ____A C:\Users\Daniel\Downloads\SizeTemplete(1).rar
2013-03-23 12:13 - 2013-03-23 12:13 - 00359183 ____A C:\Users\Daniel\Downloads\SizeTemplete.rar
2013-03-22 17:18 - 2012-11-28 21:37 - 00001173 ____A C:\Users\Daniel\Desktop\STUDIOS_APPLIED.txt
2013-03-22 10:20 - 2013-03-22 10:19 - 00000000 ____D C:\Users\Daniel\Desktop\Pics_recreate
2013-03-22 08:30 - 2013-03-22 08:30 - 03918811 ____A C:\Users\Daniel\Downloads\worldmaker.rar
2013-03-21 16:46 - 2013-03-21 16:46 - 00020384 ____A C:\Users\Daniel\Downloads\[kat.ph]gnomon.workshop.color.theory.the.mechanics.of.color.torrent
2013-03-21 16:44 - 2013-03-21 16:44 - 00018717 ____A C:\Users\Daniel\Downloads\[kat.ph]the.gnomon.workshop.advanced.uv.layout.for.production.dvd.bttrove.org.torrent
2013-03-21 16:41 - 2013-03-21 16:41 - 00033656 ____A C:\Users\Daniel\Downloads\[isoHunt] download.torrent
2013-03-21 14:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-03-21 12:32 - 2012-10-01 20:18 - 00000000 ____D C:\users\CrazyBump 1.05 Cracked
2013-03-21 05:11 - 2013-03-21 05:11 - 00290616 ____A C:\Windows\Minidump\032113-64880-01.dmp
2013-03-21 05:11 - 2012-10-20 11:07 - 00000000 ____D C:\Windows\Minidump
2013-03-21 05:10 - 2013-03-21 05:10 - 699305749 ____A C:\Windows\MEMORY.DMP
2013-03-20 14:38 - 2013-03-20 05:41 - 00000806 ____A C:\Users\Daniel\Desktop\3D TIPS.txt
2013-03-19 21:36 - 2013-03-19 21:36 - 00000164 ____A C:\Users\Daniel\Desktop\rmrwe.txt
2013-03-19 21:36 - 2013-03-11 21:14 - 00014492 ____A C:\Users\Daniel\Desktop\Companies Applied To.xlsx
2013-03-19 20:17 - 2013-03-19 20:17 - 00043503 ____A C:\Users\Daniel\Downloads\[kat.ph]real.social.dynamics.transformations.torrent
2013-03-19 19:21 - 2012-11-13 15:23 - 00000000 ____D C:\Users\Daniel\Documents\Outlook Files
2013-03-19 17:18 - 2012-12-11 10:43 - 00000000 ____D C:\Users\Daniel\Desktop\New folder
2013-03-19 01:02 - 2013-03-19 01:02 - 00369676 ____A C:\Users\Daniel\Downloads\the-gnomon-workshop-3ds-max.torrent
2013-03-19 00:58 - 2013-03-19 00:57 - 00014354 ____A C:\Users\Daniel\Downloads\[kat.ph]gnomon.workshop.the.techniques.of.dusso.vol.1.torrent
2013-03-19 00:56 - 2013-03-19 00:56 - 00012114 ____A C:\Users\Daniel\Downloads\[kat.ph]the.gnomon.workshop.3ds.max.cg.survival.kit.concept.to.final.image.strategies.for.efficiency.torrent
2013-03-18 12:27 - 2013-03-18 12:27 - 30780592 ____A (Dropbox, Inc.) C:\Users\Daniel\Downloads\Dropbox 2.0.0.exe
2013-03-18 09:35 - 2012-11-30 19:36 - 00000000 ____D C:\Users\Daniel\Desktop\CoverLetter
2013-03-17 11:59 - 2012-09-02 12:44 - 00000000 ____D C:\Users\Daniel\3D
2013-03-16 12:18 - 2012-09-03 11:42 - 00000132 ____A C:\Users\Daniel\AppData\Roaming\Adobe Targa Format CS6 Prefs
2013-03-16 01:54 - 2013-03-16 01:54 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-03-16 01:54 - 2013-03-16 01:54 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-03-13 09:04 - 2012-08-22 11:00 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-03-13 09:04 - 2012-08-22 11:00 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-03-12 18:17 - 2013-03-12 18:17 - 01790496 ____A C:\Users\Daniel\Downloads\).zip
2013-03-12 18:17 - 2012-11-25 17:33 - 00018287 ____A C:\Windows\WindowsUpdate.log
2013-03-11 09:30 - 2013-03-11 09:29 - 78242510 ____A C:\Users\Daniel\Downloads\Body_Bag-(DatPiff.com).zip
2013-03-10 10:25 - 2012-09-03 21:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-09 17:23 - 2012-11-20 15:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-09 17:18 - 2012-11-25 20:29 - 00006122 ____A C:\Windows\PFRO.log
2013-03-09 17:18 - 2012-11-05 18:43 - 00000000 ____D C:\ProgramData\Browser Manager
2013-03-08 20:32 - 2013-02-25 18:10 - 00000000 ____D C:\Users\Daniel\Desktop\AftEffects_Premiere_pipeline
2013-03-08 18:22 - 2013-03-08 18:22 - 00494425 ____A C:\Users\Daniel\Downloads\DvdDesignTemplates.zip
2013-03-08 11:54 - 2013-03-08 11:53 - 00000000 ____D C:\Users\Daniel\Downloads\demoreel_cover
2013-03-07 20:19 - 2013-03-07 20:19 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-03-07 20:19 - 2013-03-07 20:19 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-03-07 20:18 - 2013-03-07 20:18 - 40437664 ____A (Apple Inc.) C:\Users\Daniel\Downloads\QuickTimeInstaller.exe
2013-03-07 10:11 - 2013-03-07 10:01 - 46814010 ____A C:\Users\Daniel\Documents\3D Animation_Live-action, Valentine's Day.mp4
2013-03-07 10:03 - 2013-03-07 10:03 - 53862779 ____A C:\Users\Daniel\Documents\What Associates Say About Creative.mp4
2013-03-07 10:03 - 2013-03-07 10:03 - 13346837 ____A C:\Users\Daniel\Documents\Massive Render Farm for 3D Artists and Videographers.mp4
2013-03-07 10:03 - 2013-03-07 10:02 - 64412131 ____A C:\Users\Daniel\Documents\3D Animated Tour- MAI Suite.mp4
2013-03-07 10:03 - 2013-03-07 10:02 - 37853025 ____A C:\Users\Daniel\Documents\Stylish Computer Cases Meet Hi-Tech Modding.mp4
2013-03-07 10:03 - 2013-03-07 10:02 - 25250787 ____A C:\Users\Daniel\Documents\Modeling- Nikon D90.mp4
2013-03-07 10:02 - 2013-03-07 10:02 - 10595101 ____A C:\Users\Daniel\Documents\Modeling- Studio Strobe.mp4
2013-03-07 10:02 - 2013-03-07 10:02 - 10512768 ____A C:\Users\Daniel\Documents\Swag Animation- Sticking to the Path of Success.mp4
2013-03-07 10:02 - 2013-03-07 10:02 - 10343879 ____A C:\Users\Daniel\Documents\Modeling- Panasonic AG AF100.mp4
2013-03-07 10:02 - 2013-03-07 10:01 - 59910312 ____A C:\Users\Daniel\Documents\3D Animation_VFX, Jingle Bell 2011.mp4
2013-03-07 10:02 - 2013-03-07 10:01 - 26964125 ____A C:\Users\Daniel\Documents\Concept Art meets 1000-core Render Farm.mp4
2013-03-07 10:01 - 2013-03-07 10:01 - 30828109 ____A C:\Users\Daniel\Documents\PMP Tech Promo.mp4
2013-03-07 10:01 - 2013-03-07 10:01 - 19786661 ____A C:\Users\Daniel\Documents\Dramatic 3D Lighting Effects on our Extreme PC Mod.mp4
2013-03-07 10:01 - 2013-03-07 10:01 - 18856382 ____A C:\Users\Daniel\Documents\Multimedia Rich Interactive Event Promo.mp4
2013-03-07 10:01 - 2013-03-07 10:01 - 08668070 ____A C:\Users\Daniel\Documents\Concept character for Transformer Rigging.mp4
2013-03-07 10:01 - 2013-03-07 10:00 - 56459559 ____A C:\Users\Daniel\Documents\What 3D Artists say about PMP Studios.mp4
2013-03-07 10:01 - 2013-03-07 10:00 - 45511584 ____A C:\Users\Daniel\Documents\Acrylic PC Choreographed by our 3D Artists.mp4
2013-03-07 10:01 - 2013-03-07 10:00 - 07729887 ____A C:\Users\Daniel\Documents\Transformer Rigging by our 3D Artists.mp4
2013-03-07 10:00 - 2013-02-11 11:38 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-03-06 01:04 - 2012-09-04 10:29 - 00000000 ____D C:\ProgramData\e-onsoftware
2013-03-04 12:23 - 2013-03-04 12:23 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2013-03-04 12:23 - 2013-03-04 12:23 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-03-01 14:55 - 2012-10-02 10:48 - 00000132 ____A C:\Users\Daniel\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-02-25 18:19 - 2013-02-25 18:14 - 2656923418 ____A C:\Users\Daniel\Desktop\CristR.avi
2013-02-24 20:42 - 2013-02-24 20:42 - 53765296 ____A C:\Users\Daniel\Desktop\DanielVaz_3D_2013_FEB22_Good.3gp
2013-02-24 20:33 - 2013-02-24 20:33 - 08366263 ____A C:\Users\Daniel\Desktop\Swag Animation.mp4
2013-02-24 20:12 - 2013-02-24 20:12 - 51795916 ____A C:\Users\Daniel\Desktop\DanielVaz_3D_2013_FEB22.3gp
2013-02-24 20:00 - 2013-02-24 20:00 - 03114504 ____A C:\Users\Daniel\Desktop\DanielVaz_3D_2013_FEB.3gp

ZeroAccess:
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\@
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\L
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\L\00000004.@
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\L\201d3dde
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\L\4cce1f70
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\00000004.@
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\00000008.@
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\000000cb.@
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz40A9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz40F0.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4176.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz41AF.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz41FE.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz43DF.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz45BD.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4650.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz467A.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz468A.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4699.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz46B9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz475D.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4776.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz47FA.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4817.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4854.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4893.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4992.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz49A2.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4A79.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4B0A.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4B87.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4BD0.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4C04.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4D44.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4DD9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4E50.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4E57.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4EB1.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4F2A.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4F81.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz4FDA.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz50ED.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5143.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5218.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5329.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5426.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5453.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5483.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5486.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5491.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5517.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5518.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz55BD.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz55D4.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz55E7.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5690.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz56A1.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz56B0.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz56C5.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz56C6.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz56C8.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5828.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz585C.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz58B2.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz58F1.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5A09.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5A84.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5AB4.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5B13.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5B52.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5C08.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5C09.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5DC5.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz5EE4.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6011.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz61C4.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6250.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6261.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6316.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz632B.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz63C.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz63C1.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz63E1.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6476.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz64F6.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6525.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6623.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6708.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6790.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6826.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz688A.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6920.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz696F.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz699E.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz69C.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz69C7.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6A49.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6A93.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6AD6.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6D8E.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6D8F.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6E8A.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz6EE9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz70E4.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz711C.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz71F3.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz72B5.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz72C6.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7313.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7340.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7342.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz73A4.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz73F1.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7422.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz744C.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz744D.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7478.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7498.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7503.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7609.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7610.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7613.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7614.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz76D2.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz76EE.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz76EF.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz76FB.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz774D.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz77F8.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz78D4.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz78E5.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz78E9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz790B.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz798C.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz799D.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz79D7.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7A41.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7AB.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7AFD.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7B32.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7B33.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7C9D.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7CFB.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7D3B.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7DB8.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7ED3.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7F00.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7F70.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7F8D.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz7F90.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz8007.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz801B.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz8078.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz8140.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz81B9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz842E.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz85F.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz876.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz896.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz8962.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz8973.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz8B78.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz8BC7.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz8D4.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz8D8F.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz8DFE.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz8E3E.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz8F5C.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz8F8B.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9008.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz90BF.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9103.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9209.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9371.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz93E5.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9463.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9474.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9482.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz951F.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz95AB.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz95D3.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz95E0.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9603.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9A9E.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9A9F.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9B0A.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9B9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9BF6.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9BF7.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9BF8.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9E8B.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9EAC.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9F49.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz9F74.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzA07E.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzA285.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzA2A4.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzA2B5.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzA56B.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzA58A.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzA637.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzA6C0.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzA730.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzA75D.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzA80B.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzAB4A.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzABA7.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzABE7.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzADE9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzAF7A.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzB046.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzB19.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzB2D3.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzB360.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzB48C.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzB4D2.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzB670.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzB68.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzB715.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzB734.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzB791.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzB82F.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzB83F.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzB88C.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzB952.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzBAE4.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzBAF5.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzBBA8.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzBC20.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzBC45.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzBC55.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzBC8.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzBCB9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzBDA4.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzBE80.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzC065.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzC149.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzC156.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzC16A.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzC16B.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzC238.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzC372.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzC389.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzC453.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzC4B0.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzC4C0.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzC4FF.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzC5F9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzC742.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzC7CF.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzC8F8.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzCB.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzCD53.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzCD8F.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzCDA9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzCDD9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzCE4B.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzCEAB.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzCF61.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzCF62.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzD063.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzD107.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzD15E.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzD23F.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzD29C.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzD2CC.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzD448.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzD61A.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzD646.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzD7E9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzD8C4.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzD919.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzD990.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzD9C7.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDA0D.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDA62.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDA7B.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDB59.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDB7A.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDB7B.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDBFF.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDC1F.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDC4E.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDCBD.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDD5E.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDD68.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDDBC.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDEE3.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDF03.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDF7B.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDFB9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzDFD.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzE009.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzE153.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzE32A.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzE34D.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzE3FA.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzE53E.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzE60A.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzE686.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzE6B6.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzE6C5.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzE824.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzE825.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzEA9A.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzEB48.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzEB49.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzEB4F.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzEB70.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzEB91.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzEBB1.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzEBEE.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzEC9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzEF6D.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzEF6E.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF0ED.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF0F5.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF0FD.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF199.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF1AA.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF24C.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF2B4.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF2B5.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF3A9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF3D9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF4DC.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF523.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF542.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF57.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF606.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF61D.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF646.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF7F9.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF8D7.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzF955.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzFB37.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzFBDC.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzFC1B.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzFE61.tmp
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trzFFE0.tmp
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
ZeroAccess:
C:\Users\Daniel\AppData\Local\{ea2dbd02-62a9-821b-6b93-55638ac31d56}
C:\Users\Daniel\AppData\Local\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\@
C:\Users\Daniel\AppData\Local\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\L
C:\Users\Daniel\AppData\Local\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-03-21 15:55:51
==================== Memory info ===========================
Percentage of memory in use: 7%
Total physical RAM: 16361.41 MB
Available physical RAM: 15093.09 MB
Total Pagefile: 16359.56 MB
Available Pagefile: 15090.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:931.41 GB) (Free:210.35 GB) NTFS
2 Drive e: (GRMCENXVOL_EN_DVD) (CDROM) (Total:2.91 GB) (Free:0 GB) UDF
3 Drive f: (Iomega) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS
4 Drive g: (EXCERCISE) (Removable) (Total:7.21 GB) (Free:7.21 GB) FAT32
5 Drive h: (Daniel_Iomega_HDD_500GB) (Fixed) (Total:465.02 GB) (Free:135.23 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 7389 MB 0 B
Disk 2 Online 465 GB 62 MB
Partitions of Disk 0:
===============
Disk ID: E781FB54
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB
=========================================================================== =======
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y System Rese NTFS Partition 100 MB Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 931 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Disk ID: C3072E18
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7385 MB 4032 KB
=========================================================================== =======
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G EXCERCISE FAT32 Removable 7385 MB Healthy
=========================================================
Partitions of Disk 2:
===============
Disk ID: 49A7D862
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 252 KB
=========================================================================== =======
Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H Daniel_Iome NTFS Partition 465 GB Healthy
=========================================================
============================== MBR Partition Table ==================
==============================
Partitions of Disk 0:
===============
Disk ID: E781FB54
Partition 1:
=========
Hex: 8020210007DF130C0008000000200300
Active: YES
Type: 07 (NTFS)
Size: 100 MB
Partition 2:
=========
Hex: 00DF140C07FEFFFF0028030000386D74
Active: NO
Type: 07 (NTFS)
Size: 931 GB
==============================
Partitions of Disk 1:
===============
Disk ID: C3072E18
Partition 1:
=========
Hex: 000001010B52D353801F0000C0CAE600
Active: NO
Type: 0B
Size: 7 GB
==============================
Partitions of Disk 2:
===============
Disk ID: 0
Partition 1:
=========
Hex: 0
Active: NO
Type: 0
Size: 0 byte
Partition 2:
=========
Hex: 0
Active: NO
Type: 0
Size: 0 byte
Partition 3:
=========
Hex: 0
Active: NO
Type: 0
Size: 0 byte
Partition 4:
=========
Hex: 0
Active: NO
Type: 0
Size: 0 byte

Last Boot: 2013-03-24 20:54
==================== End Of Log =============================
CatByte's Avatar
Malware Removal Specialist with 3,893 posts.
 
Join Date: Feb 2009
25-Mar-2013, 04:27 PM #4
Your services.exe file is still showing as infected, so let's find a replacement before we fix the other items in the log that need attention.

Please boot into the Recovery Environment as you did before and run FRST
  • type the following into the search box: services.exe
  • now press the search button
  • when the search is complete, search.txt will be written to your USB
  • type exit and reboot the computer normally
  • please copy and paste the log (Search.txt) in your reply.
vaz21's Avatar
vaz21 vaz21 is offline
Member with 11 posts.
THREAD STARTER
 
Join Date: Mar 2013
25-Mar-2013, 06:12 PM #5
Farbar Recovery Scan Tool (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-03-25 19:01:17
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
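Added example (not part of either post, and not FRST's own code): the Search.txt above lists two copies of services.exe with the same size, timestamps and vendor string but different MD5 values, and the next post replaces the System32 copy with the WinSxS one. The Python below parses that log format and flags any copy whose hash matches no component-store copy; treating the WinSxS copy as the reference is an assumption taken from the thread, and all function names are hypothetical.

```python
import re

# Entries copied from the Search.txt posted above.
SEARCH_TXT = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
"""

# Metadata line: [created] - [modified] - size attributes (company) MD5
META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
FIELDS = ("created", "modified", "size", "attrs", "company")

def parse_search(text):
    """Return one dict per file: a path line followed by its metadata line."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = META.match(line)
        if m and path:
            entries.append({"path": path, **m.groupdict(),
                            "size": int(m["size"]), "md5": m["md5"].upper()})
            path = None
        elif re.match(r"[A-Za-z]:\\", line):
            path = line
    return entries

def mismatched_copies(entries, reference_marker="\\winsxs\\"):
    """Flag copies whose MD5 matches no component-store (WinSxS) copy.

    Assumption from the thread: the WinSxS copy is the reference. Several
    WinSxS versions may coexist, so any of their hashes is accepted.
    """
    refs = [e for e in entries if reference_marker in e["path"].lower()]
    if not refs:
        raise ValueError("no component-store copy to compare against")
    ref_md5 = {e["md5"] for e in refs}
    return [e for e in entries if e not in refs and e["md5"] not in ref_md5]

def unchanged_fields(a, b):
    """Metadata identical in both copies even though the hashes differ."""
    return [k for k in FIELDS if a[k] == b[k]]

if __name__ == "__main__":
    found = parse_search(SEARCH_TXT)
    for e in mismatched_copies(found):
        print("MD5 differs from component store:", e["path"], e["md5"])
        print("  yet unchanged:", unchanged_fields(found[0], e))
```

A mismatch only shows that the two copies differ; it does not by itself say which one is clean, so the reference copy still has to be trusted on other grounds.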
CatByte's Avatar
Malware Removal Specialist with 3,893 posts.
 
Join Date: Feb 2009
25-Mar-2013, 06:17 PM #6
Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

Code:
start
HKLM-x32\...\Run: [] [x]
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Daniel\AppData\Local\{ea2dbd02-62a9-821b-6b93-55638ac31d56}
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
cmd: del /a/f/q c:\windows\tasks\at*.job
end
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.



NEXT




Refer to the ComboFix User's Guide
  1. Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
vaz21's Avatar
vaz21 vaz21 is offline
Member with 11 posts.
THREAD STARTER
 
Join Date: Mar 2013
26-Mar-2013, 10:45 AM #7
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-03-26 11:40:23 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Users\Daniel\AppData\Local\{ea2dbd02-62a9-821b-6b93-55638ac31d56} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

========= del /a/f/q c:\windows\tasks\at*.job =========


========= End of CMD: =========


==== End of Fixlog ====
vaz21's Avatar
vaz21 vaz21 is offline
Member with 11 posts.
THREAD STARTER
 
Join Date: Mar 2013
26-Mar-2013, 10:45 AM #8
I am about to download combo fix now
vaz21's Avatar
vaz21 vaz21 is offline
Member with 11 posts.
THREAD STARTER
 
Join Date: Mar 2013
26-Mar-2013, 12:35 PM #9
I ran combo fix and it said my Avast was still running. I followed exactly the instructions in that link you sent me to disable it. I even Ctrl+alt+deleted and ended processes on everything that said avast. It still said it was running...I continued with the scan anyway.

Combo fix then deleted the most important folder that I needed for work. All my work was on it, and that was the only folder it deleted. If I didn't have a backup of this folder I would be in big trouble...why did it do this?

I have attached the log to this post because it was too long.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
CatByte's Avatar
Malware Removal Specialist with 3,893 posts.
 
Join Date: Feb 2009
26-Mar-2013, 05:47 PM #10
The folder would have been targeted because of location most likely. Do you need those files dequarantined or did your backup restore what you needed?

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
vaz21's Avatar
vaz21 vaz21 is offline
Member with 11 posts.
THREAD STARTER
 
Join Date: Mar 2013
27-Mar-2013, 02:50 PM #11
I have attached all the logs from each scan.
vaz21's Avatar
vaz21 vaz21 is offline
Member with 11 posts.
THREAD STARTER
 
Join Date: Mar 2013
27-Mar-2013, 02:51 PM #12
Yeah and I backed up what I needed
CatByte's Avatar
Malware Removal Specialist with 3,893 posts.
 
Join Date: Feb 2009
27-Mar-2013, 05:24 PM #13
Please do the following:


Please download OTM by OldTimer.
  • Save it to your desktop.
  • Please click OTM and then click >> run.
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
:Files
C:\Adobe CS6 Master Collection\Adobe CS6 Master Collection\Crack\Patch.rar	
C:\Adobe CS6 Master Collection\Adobe CS6 Master Collection\Crack\crack\cs6.patch.exe	
C:\Daniel\Daniel\Data_Config Aug_15_2010\Computer Config\Drivers\Bamboo Fun Pen Tablet Win 7 64-bit driver\SoftonicDownloader30110.exe	
C:\Daniel\Daniel\Downloads\KeyGen-v1.0.0.0_Installer.exe	
C:\Daniel\GNOMON WORKSHOP The Techniques of Dusso vol.1\gnomon.iso	
C:\Documents and Settings\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\46625efb-1688ccae	
C:\Documents and Settings\Daniel\Documents\MAGIX Downloads\Installationsmanager\Music_Maker_2013_DLV_de-DE_121023_14-28_19_0_3_47.exe	
C:\Documents and Settings\Daniel\Documents\MAGIX Downloads\Installationsmanager\Music_Maker_2013_DLV_en-II_120816_09-50_19_0_1_36.exe	
C:\Documents and Settings\Daniel\Downloads\DAEMONToolsPro510-0333.exe	
C:\Documents and Settings\Daniel\Downloads\Vray_Key_to_3D_Success.exe	
C:\Program Files (x86)\Autodesk\Softimage 2013\Application\bin\mentalmill_plugins\gen_msl.dll	
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\46625efb-1688ccae	
C:\Users\Daniel\Documents\MAGIX Downloads\Installationsmanager\Music_Maker_2013_DLV_de-DE_121023_14-28_19_0_3_47.exe	
C:\Users\Daniel\Documents\MAGIX Downloads\Installationsmanager\Music_Maker_2013_DLV_en-II_120816_09-50_19_0_1_36.exe	
C:\Users\Daniel\Downloads\DAEMONToolsPro510-0333.exe	
C:\Users\Daniel\Downloads\Vray_Key_to_3D_Success.exe	
C:\Windows\Installer\abb9786.msi	

:Commands
[emptytemp]
[Reboot]
  • Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version XI)
Having the latest updates ensures there are no security vulnerabilities in your system.
Decline any additional installs that may be offered.


NEXT


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u17
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u17-windows-i586.exe to install the newest version.
  • Decline any additional installs that may be offered.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are three options in the window to clear the cache - Leave these two Checked
      • Trace and Log Files
      • Cached Applications and Applets
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.



Please advise how the computer is running now and if there are any outstanding issues
vaz21's Avatar
vaz21 vaz21 is offline
Member with 11 posts.
THREAD STARTER
 
Join Date: Mar 2013
27-Mar-2013, 07:17 PM #14
I attached the OTM log.

My computer seems to be running fine now. All malware seems to have been deleted.

I will be doing a full system scan with Avast and I will let you know if it picks up anything in my next post.
CatByte's Avatar
Malware Removal Specialist with 3,893 posts.
 
Join Date: Feb 2009
27-Mar-2013, 07:36 PM #15
ok,

let me know if there are any outstanding issues