
Windows 7 infected (Services.exe, C:\Windows\Installer and Desktop.ini)

Discussion in 'Virus & Other Malware Removal' started by vaz21, Mar 24, 2013.

Thread Status:
Not open for further replies.
  1. vaz21

    vaz21 Thread Starter

    Joined:
    Mar 24, 2013
    Messages:
    11
    Please HELP!

    I ran Avast virus scan two days ago and it said that I had about 6,000 infected files. All of these files were from Windows\Installer\eo2dbd02-62a9-821b.....

    The last remaining viruses it picked up were "Desktop.ini" and "Services.exe".

    I successfully deleted the Windows\Installer Trojans but it was not able to delete the Services.exe or Desktop.ini.

    I did not think much of it until today when I started up my computer and it froze. Now every time I restart it freezes as soon as I click on the desktop.

    I tried to restore it from a previous version from two days ago and managed to do it successfully but a few hours later the exact same thing happens...it just freezes.

    I also tried getting a clean "services.exe" file from my other computer, which also has Windows 7 on it, and switching it with the bad one (I renamed the bad one and copied the good one while in safe mode)... absolutely nothing happened; it still freezes on startup.

    Please help, I have a lot of important files on my computer and I do not have backup.
     
  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Please do the following:

    Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt.
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press the Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
     
  3. vaz21

    vaz21 Thread Starter

    Joined:
    Mar 24, 2013
    Messages:
    11
    Thank you for your help. I did exactly what you said and here is the log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 12 days old)
    Ran by SYSTEM at 25-03-2013 11:58:06
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-18] (Realtek Semiconductor)
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
    HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [107816 2010-08-20] (CyberLink)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe [79728 2012-02-14] (Driver-Soft Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1297728 2013-02-23] (Spigot, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
    HKU\Daniel\...\Run: [AdobeBridge] [x]
    HKU\Daniel\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [896912 2012-09-03] (BitTorrent, Inc.)
    HKU\Daniel\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [3111744 2012-04-26] (DT Soft Ltd)
    HKU\Daniel\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    ==================== Services (Whitelisted) ===================
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
    2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2569168 2013-03-06] ()
    2 DCPFLICS; C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe [139268 2007-10-24] ()
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
    2 mi-raysat_3dsmax2011_64; "C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe" [86016 2010-03-09] ()
    2 mi-raysat_3dsmax2013_32; "C:\Program Files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe" [86016 2011-09-14] ()
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-03] ()
    2 RaySat2012Server; C:\Program Files\Autodesk\mrsat3.9.1_maya2012\bin\raysat2012server.exe [99840 2011-05-18] (mental images GmbH)
    3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]
    ==================== Drivers (Whitelisted) =====================
    3 Apowersoft_AudioDevice; C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [31064 2011-02-23] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-09-09] (DT Soft Ltd)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
    2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2013-03-25 11:57 - 2013-03-25 11:57 - 00000000 ____D C:\FRST
    2013-03-24 13:21 - 2013-03-24 13:21 - 00001958 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2013-03-24 07:47 - 2013-03-24 07:52 - 118137367 ____A C:\Users\Daniel\Downloads\FPSCreatorFree.zip
    2013-03-24 06:15 - 2013-03-24 06:18 - 00000000 ____D C:\Users\Daniel\Desktop\IMPORTANTtorrents
    2013-03-23 13:26 - 2013-03-23 13:26 - 00359183 ____A C:\Users\Daniel\Downloads\SizeTemplete(1).rar
    2013-03-23 12:53 - 2013-03-24 17:19 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-03-23 12:53 - 2013-03-24 17:19 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
    2013-03-23 12:53 - 2013-03-24 17:19 - 00000000 ____D C:\ProgramData\Skype
    2013-03-23 12:13 - 2013-03-23 12:13 - 00359183 ____A C:\Users\Daniel\Downloads\SizeTemplete.rar
    2013-03-22 10:19 - 2013-03-22 10:20 - 00000000 ____D C:\Users\Daniel\Desktop\Pics_recreate
    2013-03-22 08:30 - 2013-03-22 08:30 - 03918811 ____A C:\Users\Daniel\Downloads\worldmaker.rar
    2013-03-21 16:46 - 2013-03-21 16:46 - 00020384 ____A C:\Users\Daniel\Downloads\[kat.ph]gnomon.workshop.color.theory.the.mechanics.of.color.torrent
    2013-03-21 16:44 - 2013-03-21 16:44 - 00018717 ____A C:\Users\Daniel\Downloads\[kat.ph]the.gnomon.workshop.advanced.uv.layout.for.production.dvd.bttrove.org.torrent
    2013-03-21 16:41 - 2013-03-21 16:41 - 00033656 ____A C:\Users\Daniel\Downloads\[isoHunt] download.torrent
    2013-03-21 05:11 - 2013-03-21 05:11 - 00290616 ____A C:\Windows\Minidump\032113-64880-01.dmp
    2013-03-21 05:10 - 2013-03-21 05:10 - 699305749 ____A C:\Windows\MEMORY.DMP
    2013-03-20 05:41 - 2013-03-20 14:38 - 00000806 ____A C:\Users\Daniel\Desktop\3D TIPS.txt
    2013-03-19 21:36 - 2013-03-19 21:36 - 00000164 ____A C:\Users\Daniel\Desktop\rmrwe.txt
    2013-03-19 20:17 - 2013-03-19 20:17 - 00043503 ____A C:\Users\Daniel\Downloads\[kat.ph]real.social.dynamics.transformations.torrent
    2013-03-19 01:02 - 2013-03-19 01:02 - 00369676 ____A C:\Users\Daniel\Downloads\the-gnomon-workshop-3ds-max.torrent
    2013-03-19 00:57 - 2013-03-19 00:58 - 00014354 ____A C:\Users\Daniel\Downloads\[kat.ph]gnomon.workshop.the.techniques.of.dusso.vol.1.torrent
    2013-03-19 00:56 - 2013-03-19 00:56 - 00012114 ____A C:\Users\Daniel\Downloads\[kat.ph]the.gnomon.workshop.3ds.max.cg.survival.kit.concept.to.final.image.strategies.for.efficiency.torrent
    2013-03-18 12:27 - 2013-03-18 12:27 - 30780592 ____A (Dropbox, Inc.) C:\Users\Daniel\Downloads\Dropbox 2.0.0.exe
    2013-03-16 01:54 - 2013-03-16 01:54 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
    2013-03-16 01:54 - 2013-03-16 01:54 - 00000000 ____D C:\Windows\SysWOW64\Extensions
    2013-03-12 18:17 - 2013-03-12 18:17 - 01790496 ____A C:\Users\Daniel\Downloads\).zip
    2013-03-11 21:14 - 2013-03-19 21:36 - 00014492 ____A C:\Users\Daniel\Desktop\Companies Applied To.xlsx
    2013-03-11 09:31 - 2012-03-04 02:36 - 00000000 ____D C:\Users\Daniel\Downloads\Ace Hood - Body Bag (DatPiff.com)
    2013-03-11 09:29 - 2013-03-11 09:30 - 78242510 ____A C:\Users\Daniel\Downloads\Body_Bag-(DatPiff.com).zip
    2013-03-08 18:22 - 2013-03-08 18:22 - 00494425 ____A C:\Users\Daniel\Downloads\DvdDesignTemplates.zip
    2013-03-08 11:53 - 2013-03-08 11:54 - 00000000 ____D C:\Users\Daniel\Downloads\demoreel_cover
    2013-03-07 20:19 - 2013-03-07 20:19 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2013-03-07 20:19 - 2013-03-07 20:19 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2013-03-07 20:18 - 2013-03-07 20:18 - 40437664 ____A (Apple Inc.) C:\Users\Daniel\Downloads\QuickTimeInstaller.exe
    2013-03-07 10:03 - 2013-03-07 10:03 - 53862779 ____A C:\Users\Daniel\Documents\What Associates Say About Creative.mp4
    2013-03-07 10:03 - 2013-03-07 10:03 - 13346837 ____A C:\Users\Daniel\Documents\Massive Render Farm for 3D Artists and Videographers.mp4
    2013-03-07 10:02 - 2013-03-07 10:03 - 64412131 ____A C:\Users\Daniel\Documents\3D Animated Tour- MAI Suite.mp4
    2013-03-07 10:02 - 2013-03-07 10:03 - 37853025 ____A C:\Users\Daniel\Documents\Stylish Computer Cases Meet Hi-Tech Modding.mp4
    2013-03-07 10:02 - 2013-03-07 10:03 - 25250787 ____A C:\Users\Daniel\Documents\Modeling- Nikon D90.mp4
    2013-03-07 10:02 - 2013-03-07 10:02 - 10595101 ____A C:\Users\Daniel\Documents\Modeling- Studio Strobe.mp4
    2013-03-07 10:02 - 2013-03-07 10:02 - 10512768 ____A C:\Users\Daniel\Documents\Swag Animation- Sticking to the Path of Success.mp4
    2013-03-07 10:02 - 2013-03-07 10:02 - 10343879 ____A C:\Users\Daniel\Documents\Modeling- Panasonic AG AF100.mp4
    2013-03-07 10:01 - 2013-03-07 10:11 - 46814010 ____A C:\Users\Daniel\Documents\3D Animation_Live-action, Valentine's Day.mp4
    2013-03-07 10:01 - 2013-03-07 10:02 - 59910312 ____A C:\Users\Daniel\Documents\3D Animation_VFX, Jingle Bell 2011.mp4
    2013-03-07 10:01 - 2013-03-07 10:02 - 26964125 ____A C:\Users\Daniel\Documents\Concept Art meets 1000-core Render Farm.mp4
    2013-03-07 10:01 - 2013-03-07 10:01 - 30828109 ____A C:\Users\Daniel\Documents\PMP Tech Promo.mp4
    2013-03-07 10:01 - 2013-03-07 10:01 - 19786661 ____A C:\Users\Daniel\Documents\Dramatic 3D Lighting Effects on our Extreme PC Mod.mp4
    2013-03-07 10:01 - 2013-03-07 10:01 - 18856382 ____A C:\Users\Daniel\Documents\Multimedia Rich Interactive Event Promo.mp4
    2013-03-07 10:01 - 2013-03-07 10:01 - 08668070 ____A C:\Users\Daniel\Documents\Concept character for Transformer Rigging.mp4
    2013-03-07 10:00 - 2013-03-07 10:01 - 56459559 ____A C:\Users\Daniel\Documents\What 3D Artists say about PMP Studios.mp4
    2013-03-07 10:00 - 2013-03-07 10:01 - 45511584 ____A C:\Users\Daniel\Documents\Acrylic PC Choreographed by our 3D Artists.mp4
    2013-03-07 10:00 - 2013-03-07 10:01 - 07729887 ____A C:\Users\Daniel\Documents\Transformer Rigging by our 3D Artists.mp4
    2013-03-04 12:23 - 2013-03-04 12:23 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
    2013-03-04 12:23 - 2013-03-04 12:23 - 00000000 ____D C:\Program Files (x86)\Application Updater
    2013-02-25 18:14 - 2013-02-25 18:19 - 2656923418 ____A C:\Users\Daniel\Desktop\CristR.avi
    2013-02-25 18:10 - 2013-03-08 20:32 - 00000000 ____D C:\Users\Daniel\Desktop\AftEffects_Premiere_pipeline
    2013-02-24 20:42 - 2013-02-24 20:42 - 53765296 ____A C:\Users\Daniel\Desktop\DanielVaz_3D_2013_FEB22_Good.3gp
    2013-02-24 20:33 - 2013-02-24 20:33 - 08366263 ____A C:\Users\Daniel\Desktop\Swag Animation.mp4
    2013-02-24 20:12 - 2013-02-24 20:12 - 51795916 ____A C:\Users\Daniel\Desktop\DanielVaz_3D_2013_FEB22.3gp
    2013-02-24 20:00 - 2013-02-24 20:00 - 03114504 ____A C:\Users\Daniel\Desktop\DanielVaz_3D_2013_FEB.3gp
    ==================== One Month Modified Files and Folders =======
    2013-03-25 11:57 - 2013-03-25 11:57 - 00000000 ____D C:\FRST
    2013-03-25 07:30 - 2012-09-03 21:26 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent
    2013-03-25 07:30 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-03-25 07:30 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-03-25 07:29 - 2012-09-06 15:46 - 00000000 ___RD C:\Users\Daniel\Dropbox
    2013-03-25 07:29 - 2012-09-06 14:24 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
    2013-03-25 07:28 - 2012-09-10 15:39 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-03-25 07:27 - 2012-12-15 22:00 - 00009589 ____A C:\Windows\setupact.log
    2013-03-25 07:27 - 2012-08-15 06:44 - 00000000 ____D C:\ProgramData\NVIDIA
    2013-03-25 07:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-03-25 07:04 - 2012-08-22 11:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-03-25 06:55 - 2012-09-10 15:39 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-03-24 22:00 - 2012-08-27 16:56 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe
    2013-03-24 17:19 - 2013-03-23 12:53 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-03-24 17:19 - 2013-03-23 12:53 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
    2013-03-24 17:19 - 2013-03-23 12:53 - 00000000 ____D C:\ProgramData\Skype
    2013-03-24 17:19 - 2013-01-15 16:45 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Applian FLV and Media Player
    2013-03-24 17:19 - 2012-09-09 15:06 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
    2013-03-24 17:19 - 2012-09-01 16:08 - 00000000 ____D C:\ProgramData\FLEXnet
    2013-03-24 17:19 - 2012-08-25 14:06 - 00000000 __RHD C:\MSOCache
    2013-03-24 17:19 - 2012-08-22 11:19 - 00000000 ____D C:\Daniel
    2013-03-24 17:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-03-24 17:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
    2013-03-24 15:00 - 2012-10-01 20:30 - 00000384 ____A C:\Windows\Tasks\At1.job
    2013-03-24 13:26 - 2013-01-02 10:43 - 00000000 ____D C:\Users\Daniel\Desktop\newyears2013
    2013-03-24 13:26 - 2009-07-13 21:13 - 00782748 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-03-24 13:21 - 2013-03-24 13:21 - 00001958 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2013-03-24 13:21 - 2012-08-22 10:40 - 00000000 ____D C:\users\Daniel
    2013-03-24 13:21 - 2012-08-15 06:46 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2013-03-24 09:54 - 2011-04-12 00:28 - 00000000 ___RD C:\Users\Public\Recorded TV
    2013-03-24 07:52 - 2013-03-24 07:47 - 118137367 ____A C:\Users\Daniel\Downloads\FPSCreatorFree.zip
    2013-03-24 06:18 - 2013-03-24 06:15 - 00000000 ____D C:\Users\Daniel\Desktop\IMPORTANTtorrents
    2013-03-23 13:26 - 2013-03-23 13:26 - 00359183 ____A C:\Users\Daniel\Downloads\SizeTemplete(1).rar
    2013-03-23 12:13 - 2013-03-23 12:13 - 00359183 ____A C:\Users\Daniel\Downloads\SizeTemplete.rar
    2013-03-22 17:18 - 2012-11-28 21:37 - 00001173 ____A C:\Users\Daniel\Desktop\STUDIOS_APPLIED.txt
    2013-03-22 10:20 - 2013-03-22 10:19 - 00000000 ____D C:\Users\Daniel\Desktop\Pics_recreate
    2013-03-22 08:30 - 2013-03-22 08:30 - 03918811 ____A C:\Users\Daniel\Downloads\worldmaker.rar
    2013-03-21 16:46 - 2013-03-21 16:46 - 00020384 ____A C:\Users\Daniel\Downloads\[kat.ph]gnomon.workshop.color.theory.the.mechanics.of.color.torrent
    2013-03-21 16:44 - 2013-03-21 16:44 - 00018717 ____A C:\Users\Daniel\Downloads\[kat.ph]the.gnomon.workshop.advanced.uv.layout.for.production.dvd.bttrove.org.torrent
    2013-03-21 16:41 - 2013-03-21 16:41 - 00033656 ____A C:\Users\Daniel\Downloads\[isoHunt] download.torrent
    2013-03-21 14:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-03-21 12:32 - 2012-10-01 20:18 - 00000000 ____D C:\users\CrazyBump 1.05 Cracked
    2013-03-21 05:11 - 2013-03-21 05:11 - 00290616 ____A C:\Windows\Minidump\032113-64880-01.dmp
    2013-03-21 05:11 - 2012-10-20 11:07 - 00000000 ____D C:\Windows\Minidump
    2013-03-21 05:10 - 2013-03-21 05:10 - 699305749 ____A C:\Windows\MEMORY.DMP
    2013-03-20 14:38 - 2013-03-20 05:41 - 00000806 ____A C:\Users\Daniel\Desktop\3D TIPS.txt
    2013-03-19 21:36 - 2013-03-19 21:36 - 00000164 ____A C:\Users\Daniel\Desktop\rmrwe.txt
    2013-03-19 21:36 - 2013-03-11 21:14 - 00014492 ____A C:\Users\Daniel\Desktop\Companies Applied To.xlsx
    2013-03-19 20:17 - 2013-03-19 20:17 - 00043503 ____A C:\Users\Daniel\Downloads\[kat.ph]real.social.dynamics.transformations.torrent
    2013-03-19 19:21 - 2012-11-13 15:23 - 00000000 ____D C:\Users\Daniel\Documents\Outlook Files
    2013-03-19 17:18 - 2012-12-11 10:43 - 00000000 ____D C:\Users\Daniel\Desktop\New folder
    2013-03-19 01:02 - 2013-03-19 01:02 - 00369676 ____A C:\Users\Daniel\Downloads\the-gnomon-workshop-3ds-max.torrent
    2013-03-19 00:58 - 2013-03-19 00:57 - 00014354 ____A C:\Users\Daniel\Downloads\[kat.ph]gnomon.workshop.the.techniques.of.dusso.vol.1.torrent
    2013-03-19 00:56 - 2013-03-19 00:56 - 00012114 ____A C:\Users\Daniel\Downloads\[kat.ph]the.gnomon.workshop.3ds.max.cg.survival.kit.concept.to.final.image.strategies.for.efficiency.torrent
    2013-03-18 12:27 - 2013-03-18 12:27 - 30780592 ____A (Dropbox, Inc.) C:\Users\Daniel\Downloads\Dropbox 2.0.0.exe
    2013-03-18 09:35 - 2012-11-30 19:36 - 00000000 ____D C:\Users\Daniel\Desktop\CoverLetter
    2013-03-17 11:59 - 2012-09-02 12:44 - 00000000 ____D C:\Users\Daniel\3D
    2013-03-16 12:18 - 2012-09-03 11:42 - 00000132 ____A C:\Users\Daniel\AppData\Roaming\Adobe Targa Format CS6 Prefs
    2013-03-16 01:54 - 2013-03-16 01:54 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
    2013-03-16 01:54 - 2013-03-16 01:54 - 00000000 ____D C:\Windows\SysWOW64\Extensions
    2013-03-13 09:04 - 2012-08-22 11:00 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-03-13 09:04 - 2012-08-22 11:00 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-03-12 18:17 - 2013-03-12 18:17 - 01790496 ____A C:\Users\Daniel\Downloads\).zip
    2013-03-12 18:17 - 2012-11-25 17:33 - 00018287 ____A C:\Windows\WindowsUpdate.log
    2013-03-11 09:30 - 2013-03-11 09:29 - 78242510 ____A C:\Users\Daniel\Downloads\Body_Bag-(DatPiff.com).zip
    2013-03-10 10:25 - 2012-09-03 21:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-03-09 17:23 - 2012-11-20 15:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-03-09 17:18 - 2012-11-25 20:29 - 00006122 ____A C:\Windows\PFRO.log
    2013-03-09 17:18 - 2012-11-05 18:43 - 00000000 ____D C:\ProgramData\Browser Manager
    2013-03-08 20:32 - 2013-02-25 18:10 - 00000000 ____D C:\Users\Daniel\Desktop\AftEffects_Premiere_pipeline
    2013-03-08 18:22 - 2013-03-08 18:22 - 00494425 ____A C:\Users\Daniel\Downloads\DvdDesignTemplates.zip
    2013-03-08 11:54 - 2013-03-08 11:53 - 00000000 ____D C:\Users\Daniel\Downloads\demoreel_cover
    2013-03-07 20:19 - 2013-03-07 20:19 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2013-03-07 20:19 - 2013-03-07 20:19 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2013-03-07 20:18 - 2013-03-07 20:18 - 40437664 ____A (Apple Inc.) C:\Users\Daniel\Downloads\QuickTimeInstaller.exe
    2013-03-07 10:11 - 2013-03-07 10:01 - 46814010 ____A C:\Users\Daniel\Documents\3D Animation_Live-action, Valentine's Day.mp4
    2013-03-07 10:03 - 2013-03-07 10:03 - 53862779 ____A C:\Users\Daniel\Documents\What Associates Say About Creative.mp4
    2013-03-07 10:03 - 2013-03-07 10:03 - 13346837 ____A C:\Users\Daniel\Documents\Massive Render Farm for 3D Artists and Videographers.mp4
    2013-03-07 10:03 - 2013-03-07 10:02 - 64412131 ____A C:\Users\Daniel\Documents\3D Animated Tour- MAI Suite.mp4
    2013-03-07 10:03 - 2013-03-07 10:02 - 37853025 ____A C:\Users\Daniel\Documents\Stylish Computer Cases Meet Hi-Tech Modding.mp4
    2013-03-07 10:03 - 2013-03-07 10:02 - 25250787 ____A C:\Users\Daniel\Documents\Modeling- Nikon D90.mp4
    2013-03-07 10:02 - 2013-03-07 10:02 - 10595101 ____A C:\Users\Daniel\Documents\Modeling- Studio Strobe.mp4
    2013-03-07 10:02 - 2013-03-07 10:02 - 10512768 ____A C:\Users\Daniel\Documents\Swag Animation- Sticking to the Path of Success.mp4
    2013-03-07 10:02 - 2013-03-07 10:02 - 10343879 ____A C:\Users\Daniel\Documents\Modeling- Panasonic AG AF100.mp4
    2013-03-07 10:02 - 2013-03-07 10:01 - 59910312 ____A C:\Users\Daniel\Documents\3D Animation_VFX, Jingle Bell 2011.mp4
    2013-03-07 10:02 - 2013-03-07 10:01 - 26964125 ____A C:\Users\Daniel\Documents\Concept Art meets 1000-core Render Farm.mp4
    2013-03-07 10:01 - 2013-03-07 10:01 - 30828109 ____A C:\Users\Daniel\Documents\PMP Tech Promo.mp4
    2013-03-07 10:01 - 2013-03-07 10:01 - 19786661 ____A C:\Users\Daniel\Documents\Dramatic 3D Lighting Effects on our Extreme PC Mod.mp4
    2013-03-07 10:01 - 2013-03-07 10:01 - 18856382 ____A C:\Users\Daniel\Documents\Multimedia Rich Interactive Event Promo.mp4
    2013-03-07 10:01 - 2013-03-07 10:01 - 08668070 ____A C:\Users\Daniel\Documents\Concept character for Transformer Rigging.mp4
    2013-03-07 10:01 - 2013-03-07 10:00 - 56459559 ____A C:\Users\Daniel\Documents\What 3D Artists say about PMP Studios.mp4
    2013-03-07 10:01 - 2013-03-07 10:00 - 45511584 ____A C:\Users\Daniel\Documents\Acrylic PC Choreographed by our 3D Artists.mp4
    2013-03-07 10:01 - 2013-03-07 10:00 - 07729887 ____A C:\Users\Daniel\Documents\Transformer Rigging by our 3D Artists.mp4
    2013-03-07 10:00 - 2013-02-11 11:38 - 00000000 ____D C:\ProgramData\YTD Video Downloader
    2013-03-06 01:04 - 2012-09-04 10:29 - 00000000 ____D C:\ProgramData\e-onsoftware
    2013-03-04 12:23 - 2013-03-04 12:23 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
    2013-03-04 12:23 - 2013-03-04 12:23 - 00000000 ____D C:\Program Files (x86)\Application Updater
    2013-03-01 14:55 - 2012-10-02 10:48 - 00000132 ____A C:\Users\Daniel\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2013-02-25 18:19 - 2013-02-25 18:14 - 2656923418 ____A C:\Users\Daniel\Desktop\CristR.avi
    2013-02-24 20:42 - 2013-02-24 20:42 - 53765296 ____A C:\Users\Daniel\Desktop\DanielVaz_3D_2013_FEB22_Good.3gp
    2013-02-24 20:33 - 2013-02-24 20:33 - 08366263 ____A C:\Users\Daniel\Desktop\Swag Animation.mp4
    2013-02-24 20:12 - 2013-02-24 20:12 - 51795916 ____A C:\Users\Daniel\Desktop\DanielVaz_3D_2013_FEB22.3gp
    2013-02-24 20:00 - 2013-02-24 20:00 - 03114504 ____A C:\Users\Daniel\Desktop\DanielVaz_3D_2013_FEB.3gp

    ZeroAccess:
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\@
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\L
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\L\00000004.@
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\L\201d3dde
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\L\4cce1f70
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\00000004.@
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\00000008.@
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\000000cb.@
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1042.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1078.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1105.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1184.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz11D2.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1213.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1230.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz12F0.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz12F1.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1344.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1345.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz14A5.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz14E5.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1523.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1524.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz160E.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz193F.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1950.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1A81.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1A91.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1A9F.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1AA0.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1AFF.tmp
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U\trz1B38.tmp
    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini
    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini
    ZeroAccess:
    C:\Users\Daniel\AppData\Local\{ea2dbd02-62a9-821b-6b93-55638ac31d56}
    C:\Users\Daniel\AppData\Local\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\@
    C:\Users\Daniel\AppData\Local\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\L
    C:\Users\Daniel\AppData\Local\{ea2dbd02-62a9-821b-6b93-55638ac31d56}\U
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2013-03-21 15:55:51
    ==================== Memory info ===========================
    Percentage of memory in use: 7%
    Total physical RAM: 16361.41 MB
    Available physical RAM: 15093.09 MB
    Total Pagefile: 16359.56 MB
    Available Pagefile: 15090.43 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:931.41 GB) (Free:210.35 GB) NTFS
    2 Drive e: (GRMCENXVOL_EN_DVD) (CDROM) (Total:2.91 GB) (Free:0 GB) UDF
    3 Drive f: (Iomega) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS
    4 Drive g: (EXCERCISE) (Removable) (Total:7.21 GB) (Free:7.21 GB) FAT32
    5 Drive h: (Daniel_Iomega_HDD_500GB) (Fixed) (Total:465.02 GB) (Free:135.23 GB) NTFS
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 7389 MB 0 B
    Disk 2 Online 465 GB 62 MB
    Partitions of Disk 0:
    ===============
    Disk ID: E781FB54
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 Y System Rese NTFS Partition 100 MB Healthy
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 931 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Disk ID: C3072E18
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7385 MB 4032 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G EXCERCISE FAT32 Removable 7385 MB Healthy
    =========================================================
    Partitions of Disk 2:
    ===============
    Disk ID: 49A7D862
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 252 KB
    ==================================================================================
    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H Daniel_Iome NTFS Partition 465 GB Healthy
    =========================================================
    ============================== MBR Partition Table ==================
    ==============================
    Partitions of Disk 0:
    ===============
    Disk ID: E781FB54
    Partition 1:
    =========
    Hex: 8020210007DF130C0008000000200300
    Active: YES
    Type: 07 (NTFS)
    Size: 100 MB
    Partition 2:
    =========
    Hex: 00DF140C07FEFFFF0028030000386D74
    Active: NO
    Type: 07 (NTFS)
    Size: 931 GB
    ==============================
    Partitions of Disk 1:
    ===============
    Disk ID: C3072E18
    Partition 1:
    =========
    Hex: 000001010B52D353801F0000C0CAE600
    Active: NO
    Type: 0B
    Size: 7 GB
    ==============================
    Partitions of Disk 2:
    ===============
    Disk ID: 0
    Partition 1:
    =========
    Hex: 0
    Active: NO
    Type: 0
    Size: 0 byte
    Partition 2:
    =========
    Hex: 0
    Active: NO
    Type: 0
    Size: 0 byte
    Partition 3:
    =========
    Hex: 0
    Active: NO
    Type: 0
    Size: 0 byte
    Partition 4:
    =========
    Hex: 0
    Active: NO
    Type: 0
    Size: 0 byte

    Last Boot: 2013-03-24 20:54
    ==================== End Of Log =============================
     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Your services.exe file is still showing as infected, so let's find a replacement before we fix the other items in the log that need attention.

    Please boot into the Recovery Environment as you did before and run FRST
    • Type the following into the search box: services.exe
    • Now press the search button
    • When the search is complete, search.txt will be written to your USB
    • Type exit and reboot the computer normally
    • Please copy and paste the log (Search.txt) in your reply.
     
  5. vaz21

    vaz21 Thread Starter

    Joined:
    Mar 24, 2013
    Messages:
    11
    Farbar Recovery Scan Tool (x64) Version: 13-03-2013
    Ran by SYSTEM at 2013-03-25 19:01:17
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
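
The Search.txt above lists two copies of services.exe whose size, timestamps and company name are identical while their MD5 values differ, and one of those values is the hash the earlier FRST log flagged as ZeroAccess. As an added example (not part of the original posts and not FRST's own code), this Python script parses those lines and reports that only the hash separates the two copies; the function names are hypothetical and the sample input is constructed from the log lines quoted in this thread.

```python
import ntpath
import re

# Sample input constructed from the Search.txt and FRST log lines quoted in this thread.
SEARCH_TXT = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
"""
FLAGGED_LINE = r"C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!."

# "[created] - [modified] - size attributes (company) MD5"
META = re.compile(r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
                  r"\S+ \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")
# "path MD5 label <==== ATTENTION"
FLAG = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<md5>[0-9A-Fa-f]{32}) (?P<label>\S+) <==== ATTENTION")


def parse_search(text):
    """Return one dict per file: the path line followed by its metadata line."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if re.match(r"[A-Za-z]:\\", line):
            path = line
        elif path and (m := META.match(line)):
            entry = {"path": path, **m.groupdict()}
            entry["size"], entry["md5"] = int(entry["size"]), entry["md5"].upper()
            entries.append(entry)
            path = None
    return entries


def parse_flagged(line):
    """Extract path, MD5 and label from an FRST '<==== ATTENTION' line."""
    m = FLAG.match(line.strip())
    if not m:
        raise ValueError("not a flagged-file line")
    return {**m.groupdict(), "md5": m["md5"].upper()}


def assess(entries, flagged):
    """Split same-named copies by hash and list the metadata that cannot tell them apart."""
    name = ntpath.basename(flagged["path"]).lower()
    copies = [e for e in entries if ntpath.basename(e["path"]).lower() == name]
    bad = [e for e in copies if e["md5"] == flagged["md5"]]
    # A different hash makes a copy a candidate only; confirm it against a
    # known-good hash for that exact Windows build before restoring from it.
    candidates = [e for e in copies if e["md5"] != flagged["md5"]]
    same = [f for f in ("created", "modified", "size", "company")
            if bad and candidates and all(b[f] == c[f] for b in bad for c in candidates)]
    return {"flagged": bad, "candidates": candidates, "indistinguishable_by": same}


if __name__ == "__main__":
    result = assess(parse_search(SEARCH_TXT), parse_flagged(FLAGGED_LINE))
    for kind in ("flagged", "candidates"):
        for e in result[kind]:
            print(f"{kind:10} {e['md5']} {e['path']}")
    print("identical metadata:", ", ".join(result["indistinguishable_by"]))
```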
     
  6. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Please do the following:


    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    Code:
    start
    HKLM-x32\...\Run: [] [x]
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56}
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    C:\Users\Daniel\AppData\Local\{ea2dbd02-62a9-821b-6b93-55638ac31d56}
    replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
    cmd: del /a/f/q c:\windows\tasks\at*.job
    end
    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options then select Command Prompt

    Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Reboot Normally.



    NEXT




    Refer to the ComboFix User's Guide

    1. Download ComboFix from the following location:

      Link

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    3. Double click on ComboFix.exe & follow the prompts.
    4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    5. When finished, it shall produce a log for you. Post that log in your next reply

      Note:
      Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


      ---------------------------------------------------------------------------------------------
    6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

      ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  7. vaz21

    vaz21 Thread Starter

    Joined:
    Mar 24, 2013
    Messages:
    11
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
    Ran by SYSTEM at 2013-03-26 11:40:23 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{ea2dbd02-62a9-821b-6b93-55638ac31d56} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Users\Daniel\AppData\Local\{ea2dbd02-62a9-821b-6b93-55638ac31d56} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ========= del /a/f/q c:\windows\tasks\at*.job =========


    ========= End of CMD: =========


    ==== End of Fixlog ====
     
  8. vaz21

    vaz21 Thread Starter

    Joined:
    Mar 24, 2013
    Messages:
    11
    I am about to download combo fix now
     
  9. vaz21

    vaz21 Thread Starter

    Joined:
    Mar 24, 2013
    Messages:
    11
    I ran combo fix and it said my Avast was still running. I followed exactly the instructions in that link you sent me to disable it. I even Ctrl+alt+deleted and ended processes on everything that said avast. It still said it was running...I continued with the scan anyway.

    Combo fix then deleted the most important folder that I needed for work. All my work was on it, and that was the only folder it deleted. If I didn't have a backup of this folder I would be in big trouble...why did it do this?

    I have attached the log to this post because it was too long.
     

    Attached Files:

    • log.txt
      File size:
      990.5 KB
      Views:
      1
  10. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    The folder would have been targeted because of location most likely. Do you need those files dequarantined, or did your backup restore what you needed?

    Please run the following:

    Please download Junkware Removal Tool to your desktop.
    • Shutdown your antivirus to avoid any conflicts.
    • Right-mouse click JRT.exe and select Run as administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message


    NEXT


    Download AdwCleaner from here and save it to your desktop.
    • Run AdwCleaner and select Delete
    • Once done it will ask to reboot, allow the reboot
    • On reboot a log will be produced, please attach the content of the log to your next reply


    NEXT

    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    NEXT


    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish
     
  11. vaz21

    vaz21 Thread Starter

    Joined:
    Mar 24, 2013
    Messages:
    11
    I have attached all the logs from each scan.
     


  12. vaz21

    vaz21 Thread Starter

    Joined:
    Mar 24, 2013
    Messages:
    11
    Yeah and I backed up what I needed
     
  13. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Please do the following:


    Please download OTM by OldTimer.
    • Save it to your desktop.
    • Please click OTM and then click >> run.
    • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Files
    C:\Adobe CS6 Master Collection\Adobe CS6 Master Collection\Crack\Patch.rar	
    C:\Adobe CS6 Master Collection\Adobe CS6 Master Collection\Crack\crack\cs6.patch.exe	
    C:\Daniel\Daniel\Data_Config Aug_15_2010\Computer Config\Drivers\Bamboo Fun Pen Tablet Win 7 64-bit driver\SoftonicDownloader30110.exe	
    C:\Daniel\Daniel\Downloads\KeyGen-v1.0.0.0_Installer.exe	
    C:\Daniel\GNOMON WORKSHOP The Techniques of Dusso vol.1\gnomon.iso	
    C:\Documents and Settings\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\46625efb-1688ccae	
    C:\Documents and Settings\Daniel\Documents\MAGIX Downloads\Installationsmanager\Music_Maker_2013_DLV_de-DE_121023_14-28_19_0_3_47.exe	
    C:\Documents and Settings\Daniel\Documents\MAGIX Downloads\Installationsmanager\Music_Maker_2013_DLV_en-II_120816_09-50_19_0_1_36.exe	
    C:\Documents and Settings\Daniel\Downloads\DAEMONToolsPro510-0333.exe	
    C:\Documents and Settings\Daniel\Downloads\Vray_Key_to_3D_Success.exe	
    C:\Program Files (x86)\Autodesk\Softimage 2013\Application\bin\mentalmill_plugins\gen_msl.dll	
    C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\46625efb-1688ccae	
    C:\Users\Daniel\Documents\MAGIX Downloads\Installationsmanager\Music_Maker_2013_DLV_de-DE_121023_14-28_19_0_3_47.exe	
    C:\Users\Daniel\Documents\MAGIX Downloads\Installationsmanager\Music_Maker_2013_DLV_en-II_120816_09-50_19_0_1_36.exe	
    C:\Users\Daniel\Downloads\DAEMONToolsPro510-0333.exe	
    C:\Users\Daniel\Downloads\Vray_Key_to_3D_Success.exe	
    C:\Windows\Installer\abb9786.msi	
    
    :Commands
    [emptytemp]
    [Reboot]
    
    • Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




    NEXT

    Visit ADOBE and download the latest version of Acrobat Reader (version XI).
    Having the latest updates ensures there are no security vulnerabilities in your system.
    Decline any additional installs that may be offered.

    NEXT

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
    • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
    • Scroll down to where it says Java SE 7u17
    • Click the Download button under JRE to the right.
    • Read the License Agreement then select Accept License Agreement
    • Click on the link to download Windows x86 Offline and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7u17-windows-i586.exe to install the newest version.
    • Decline any additional installs that may be offered.
    • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button
      • There are three options in the window to clear the cache - Leave these two Checked:
        • Trace and Log Files
        • Cached Applications and Applets
      • Click OK on Delete Temporary Files Window
        Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
      • Click OK to leave the Temporary Files Window
      • Click OK to leave the Java Control Panel.



    Please advise how the computer is running now and if there are any outstanding issues
     
  14. vaz21

    vaz21 Thread Starter

    Joined:
    Mar 24, 2013
    Messages:
    11
    I attached the OTM log.

    My computer seems to be running fine now. All malware seems to have been deleted.

    I will be doing a full system scan with Avast and I will let you know if it picks up anything in my next post.
     


  15. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    ok,

    let me know if there are any outstanding issues
     
Short URL to this thread: https://techguy.org/1094125