-
Infected with several rootkits
Hello,
My system has been acting slow lately, but nothing could detect the cause, so i gave Spybot Search & Destroy 2 Beta a whirl, and chose the Rootkit quick scan and what do you know it found several rootkits in my system, particularly:
C:\Windows\0
C:\Windows\system32\5-18
and C:\windows\<some weird characters here>, i have added the logs requested, please help
Also note that i ran Combofix and it found some other malware but nothing related to what S&D 2.0 found
Regards,
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.9.2
Run by R0M at 4:47:49 on 2012-11-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1359 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Rising\RSD\RsMgrSvc.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\NetWorx\networx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\System32\ico.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Rising\RSD\popwndexe.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Teco Image Systems\iCan-Print_Setup\pjsua_Win.exe
C:\Windows\system32\dns-sd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\taskeng.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IE to GetRight Helper: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - c:\program files\getright\xx2gr.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &NetWorx Desk Band: {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - c:\program files\networx\deskband.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Facebook Update] "c:\users\r0m\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [PMX Daemon] ICO.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RSDTRAY] "c:\program files\rising\rsd\popwndexe.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\getright.lnk - c:\program files\getright\GetRight.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ican-print server.lnk - c:\windows\installer\{c09424a2-9938-4370-884e-f33b753f511e}\_25EFA6BAAAE534F92BD016.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 24.201.245.77 24.200.241.37 24.200.243.189
TCP: Interfaces\{5AA86C8E-11D9-49BC-B0A3-5A4DAFD1F8E7} : DHCPNameServer = 24.201.245.77 24.200.243.189 24.200.241.37
TCP: Interfaces\{873CAC62-B718-47D2-82ED-BE05D4BF6D88} : DHCPNameServer = 24.201.245.77 24.200.241.37 24.200.243.189
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\r0m\appdata\roaming\mozilla\firefox\profiles\3ha9f3yu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\r0m\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2010-01-14 17:28; 
; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2012-6-12 16064]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2012-11-11 17904]
R1 ggc;ggc;c:\windows\system32\drivers\ggc.sys [2012-3-7 49864]
R1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-10-18 51976]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2012-11-11 3084176]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-4 217088]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2011-12-22 110408]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-9-26 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-10-21 47640]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2012-6-12 224960]
R2 rsdsys;rsd protect;c:\windows\system32\drivers\protreg.sys [2012-10-29 21208]
R2 RsMgrSvc;Rsd Service;c:\program files\rising\rsd\RsMgrSvc.exe [2012-10-29 150168]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2008-10-8 27648]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]
R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2012-6-13 248248]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-10-8 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-10-8 19008]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-10-27 127496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2012-11-11 54072]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-8-13 13224]
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0;PCDSRVC{E9D79540-57D5953E-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-8-17 22640]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-2-6 27192]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-10-15 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-10-15 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-10-15 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-10-15 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-10-15 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-10-15 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-10-15 117672]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-12-16 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-10-8 73728]
.
=============== Created Last 30 ================
.
2012-11-12 03:24:25 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-11-12 02:54:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-11 23:39:39 -------- d-----w- c:\users\r0m\appdata\local\temp
2012-11-11 23:38:09 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-11-09 17:19:55 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ad0b4ccd-724e-4a54-b2b0-b517de94a2ce}\mpengine.dll
2012-10-31 23:58:38 -------- d-----w- c:\program files\Teco Image Systems
2012-10-30 02:56:33 -------- d-----r- C:\RavBin
2012-10-30 02:54:58 21208 ----a-w- c:\windows\system32\drivers\protreg.sys
2012-10-30 02:54:58 -------- d-----w- c:\program files\Rising
2012-10-30 02:54:41 -------- d-----w- c:\programdata\Rising
2012-10-28 20:41:38 -------- d-----w- c:\programdata\GFI Software
2012-10-26 21:41:49 -------- d-----w- c:\program files\common files\Western Digital
2012-10-26 21:41:48 -------- d-----w- c:\program files\Western Digital
2012-10-26 21:40:49 -------- d-----w- c:\users\r0m\appdata\local\Western Digital
2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-20 10:29:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-11-12 03:05:04 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-12 03:05:04 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-05 20:32:56 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-05 20:32:56 52648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-11-05 20:32:55 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-11-05 20:32:55 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-05 08:08:30 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-05 08:08:28 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 20:02:43 108048 ----a-w- c:\windows\RegBootClean.exe
2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53:29 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-21 17:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
============= FINISH: 4:48:11.93 ===============
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-12 04:50:29
-----------------------------
04:50:29.311 OS Version: Windows 6.0.6002 Service Pack 2
04:50:29.311 Number of processors: 4 586 0xF0B
04:50:29.312 ComputerName: ROMSTER2 UserName: R0M
04:50:30.993 Initialize success
04:50:55.166 AVAST engine defs: 12111101
04:51:00.456 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
04:51:00.457 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
04:51:00.460 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
04:51:00.462 Disk 1 Vendor: ST31000340AS SD1A Size: 953869MB BusType: 3
04:51:00.464 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007a
04:51:00.467 Disk 2 Vendor: Size: 953869MB BusType: 0
04:51:00.469 Disk 3 \Device\Harddisk3\DR3 -> \Device\0000007b
04:51:00.472 Disk 3 Vendor: Size: 953869MB BusType: 0
04:51:00.475 Disk 4 \Device\Harddisk4\DR4 -> \Device\0000007c
04:51:00.478 Disk 4 Vendor: Size: 953869MB BusType: 0
04:51:00.481 Disk 5 \Device\Harddisk5\DR5 -> \Device\0000007d
04:51:00.484 Disk 5 Vendor: Size: 953869MB BusType: 0
04:51:00.488 Disk 6 \Device\Harddisk6\DR6 -> \Device\00000085
04:51:00.493 Disk 6 Vendor: Size: 953869MB BusType: 0
04:51:00.514 Disk 0 MBR read successfully
04:51:00.518 Disk 0 MBR scan
04:51:00.524 Disk 0 Windows VISTA default MBR code
04:51:00.529 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
04:51:00.538 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
04:51:00.553 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
04:51:00.571 Disk 0 scanning sectors +976771072
04:51:00.695 Disk 0 scanning C:\Windows\system32\drivers
04:51:11.830 Service scanning
04:51:33.878 Modules scanning
04:51:42.230 Disk 0 trace - called modules:
04:51:42.286 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
04:51:42.290 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a54c0]
04:51:42.294 3 CLASSPNP.SYS[8ada48b3] -> nt!IofCallDriver -> [0x8522c538]
04:51:42.299 5 acpi.sys[830956bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84ff0b98]
04:51:43.779 AVAST engine scan C:\Windows
04:51:52.920 AVAST engine scan C:\Windows\system32
04:54:22.138 AVAST engine scan C:\Windows\system32\drivers
04:54:33.384 AVAST engine scan C:\Users\R0M
06:19:08.902 AVAST engine scan C:\ProgramData
06:21:16.968 Scan finished successfully
12:35:53.441 Disk 0 MBR has been saved successfully to "C:\Users\R0M\Desktop\MBR.dat"
12:35:53.508 The log file has been saved successfully to "C:\Users\R0M\Desktop\aswMBR.txt"
Facebook.Messenger: [SBI $63375265] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2255320971-820056546-208935856-1000\Software\Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}
Facebook.Messenger: [SBI $9191B288] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2255320971-820056546-208935856-1000\Software\Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}
Facebook.Messenger: [SBI $6D1029B1] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2255320971-820056546-208935856-1000\Software\Classes\FacebookUpdate.OnDemandCOMClassUser
Facebook.Messenger: [SBI $7F45EA00] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2255320971-820056546-208935856-1000\Software\Classes\FacebookUpdate.OnDemandCOMClassUser.1.0
Facebook.Messenger: [SBI $59117437] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2255320971-820056546-208935856-1000\Software\Facebook
Facebook.Messenger: [SBI $62F77180] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}
Facebook.Messenger: [SBI $9051916D] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}
Facebook.Messenger: [SBI $573FFD1B] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{132885F2-8DE9-40F2-BEAE-1B31FDBAB159}
Facebook.Messenger: [SBI $BAA66334] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3B692A7D-330E-4388-A955-724500AC0BC5}
Facebook.Messenger: [SBI $C061D222] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{649D9E01-9847-4EE9-9145-2CB4BC8298D0}
Facebook.Messenger: [SBI $6B188C64] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{71692661-DCBA-484A-BD41-A39404532B52}
Facebook.Messenger: [SBI $D849531E] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B72C7377-0AA5-4F52-BDA2-85C4D1DB930E}
Facebook.Messenger: [SBI $06D47759] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D0843545-5E7C-4C6D-B4E2-05948F759440}
Uniblue.DriverScanner: [SBI $5530A65D] Program directory (Directory, nothing done)
C:\Users\R0M\AppData\Roaming\Uniblue\
Uniblue.DriverScanner: [SBI $DE69382C] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2012-11-12 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-10-31 Includes\Adware.sbi (*)
2012-11-07 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2012-09-26 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-10-16 Includes\Hijackers.sbi (*)
2012-11-07 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-08-28 Includes\Malware.sbi (*)
2012-11-07 Includes\MalwareC.sbi (*)
2012-10-24 Includes\PUPS.sbi (*)
2012-10-30 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-06-19 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-09-05 Includes\Spyware.sbi (*)
2012-09-04 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-10-31 Includes\TrojansC-02.sbi (*)
2012-11-07 Includes\TrojansC-03.sbi (*)
2012-10-24 Includes\TrojansC-04.sbi (*)
2012-08-31 Includes\TrojansC-05.sbi (*)
2012-10-31 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
---------------------------------------------
Edit
Waiting for help in the Malware Forum FOUR days or longer?
Last edited by tashi; 2012-11-17 at 01:18.
Reason: Removed bump- as per FAQ, added link
-
hi oyehia,
Your post is a few days old. If you still need help simply reply back.
-
Yes i still need help, been waiting enough 
-
ok. The version of Spybot you have is a beta version. The stable version was released a few days ago. I would uninstall it via add/remove programs panel, reboot your machine then download and install the current version and run it.
-
K i get the following when i run Rootkit Scan
The quickscan found evidence suggesting a possible rootkit infection!
Detected items:
C:\windows\system32\5-18
C:\windows\system32\null
C:\windows\system32\??
Btw the system took a long time to boot after i uninstalled the old version
Regards,
-
Thats not a lot to go on. You ran tdsskiller, did it remove anything? You can find its log in your root drive, usually C:
TDSSKILLER.2.8.13.0_15.10.2012_17.34.06_log.txt (name,version#,date,time)
Please post the log.
Also looking in your root drive you will find a folder called Qoobox, inside this folder theres a text file called Combofix-quarantined-files.txt
Please copy/paste that log in your reply also.
-
It says the file is too huge to attach as txt, and i cannot paste it here again too large...
2012-11-11 18:16:09 . 2012-11-11 18:16:09 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHFB01.tmp.vir
2012-11-11 18:15:45 . 2012-11-11 18:15:45 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH9E88.tmp.vir
2012-11-11 18:15:14 . 2012-11-11 18:15:14 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH251B.tmp.vir
2012-11-11 18:11:35 . 2012-11-11 18:11:36 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHCE34.tmp.vir
2012-11-11 18:07:55 . 2012-11-11 18:07:55 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH70C9.tmp.vir
2012-11-11 18:05:55 . 2012-11-11 18:05:56 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH9DAB.tmp.vir
2012-11-11 18:04:34 . 2012-11-11 18:04:34 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH5FB9.tmp.vir
2012-11-11 18:04:20 . 2012-11-11 18:04:20 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH26C9.tmp.vir
2012-11-11 18:04:06 . 2012-11-11 18:04:06 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHF25E.tmp.vir
2012-11-11 18:02:20 . 2012-11-11 18:02:20 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH5383.tmp.vir
2012-11-11 17:58:39 . 2012-11-11 17:58:39 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHF4EF.tmp.vir
2012-11-10 18:53:13 . 2012-11-10 18:53:13 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHCBD8.tmp.vir
2012-11-10 18:51:45 . 2012-11-10 18:51:45 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH76CF.tmp.vir
2012-11-10 18:51:08 . 2012-11-10 18:51:08 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHE64B.tmp.vir
2012-11-10 18:46:42 . 2012-11-10 18:46:42 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHD70A.tmp.vir
2012-11-10 18:46:33 . 2012-11-10 18:46:33 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHB207.tmp.vir
2012-11-10 18:43:35 . 2012-11-10 18:43:35 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHFA1C.tmp.vir
2012-11-10 18:43:21 . 2012-11-10 18:43:22 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHC62B.tmp.vir
2012-11-10 18:42:55 . 2012-11-10 18:42:55 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH5D51.tmp.vir
2012-11-10 18:40:31 . 2012-11-10 18:40:31 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH29FA.tmp.vir
2012-11-10 18:37:21 . 2012-11-10 18:37:21 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH468F.tmp.vir
2012-11-10 18:36:38 . 2012-11-10 18:36:38 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH9C5F.tmp.vir
2012-11-10 18:34:45 . 2012-11-10 18:34:45 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHE52C.tmp.vir
2012-11-10 18:33:49 . 2012-11-10 18:33:49 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH9A7.tmp.vir
2012-11-10 18:32:00 . 2012-11-10 18:32:00 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH5D72.tmp.vir
2012-11-10 18:30:27 . 2012-11-10 18:30:27 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHF3EB.tmp.vir
2012-11-10 18:29:31 . 2012-11-10 18:29:31 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH17AC.tmp.vir
2012-11-10 18:28:28 . 2012-11-10 18:28:28 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH2252.tmp.vir
2012-11-10 18:27:52 . 2012-11-10 18:27:52 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH964C.tmp.vir
2012-11-10 18:25:52 . 2012-11-10 18:25:52 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHC24D.tmp.vir
2012-11-09 21:06:51 . 2012-10-15 19:32:21 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\4c60eb11-6b95-4209-bb3d-73f364248e17.dll.vir
2012-11-09 21:06:50 . 2012-10-15 19:30:11 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll.vir
2012-11-09 21:06:49 . 2012-10-29 23:35:26 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\eb115e4d-8592-4082-bffa-e65ae6b21e95.dll.vir
2012-11-09 21:06:48 . 2012-10-29 23:21:06 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\087abda5-3ca9-433a-8a4e-6b9fc9285607.dll.vir
2012-11-09 21:06:48 . 2012-10-29 18:42:41 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\ed26c1b3-d9f9-42e8-80e0-cd62e65fd901.dll.vir
2012-11-09 21:06:47 . 2012-10-29 17:56:59 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\2f733848-355c-4a6f-89a5-08a4dcc89c5c.dll.vir
2012-11-09 21:06:46 . 2012-10-29 17:15:41 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\dbecb802-efe1-453f-828f-29af4ab73508.dll.vir
2012-11-09 21:06:45 . 2012-11-07 23:20:30 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\7119bf4b-d404-4b31-8779-44fac71761fa.dll.vir
2012-11-09 21:06:44 . 2012-10-29 16:29:14 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\b510dd11-341c-4dfa-9f1e-dd5ddcc444f4.dll.vir
2012-11-09 21:06:43 . 2012-10-29 16:09:42 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\3c49c05a-0eb3-4044-a0f8-d4ea2a439295.dll.vir
2012-11-09 21:06:42 . 2012-10-29 15:47:59 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\4704833a-6508-40cc-b98b-5ebd235e52ca.dll.vir
2012-11-09 21:06:41 . 2012-10-29 15:31:01 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\f28ef68b-8cc4-4c00-891d-473fb67bd0b0.dll.vir
2012-11-09 21:06:40 . 2012-10-29 15:16:52 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\a875f6ee-9729-4447-8d2c-63bd2e6396c1.dll.vir
2012-11-09 21:06:39 . 2012-10-29 14:56:50 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\e1ce76af-328a-41dc-b2c4-0dd9771f6aa1.dll.vir
2012-11-09 21:06:39 . 2012-10-27 00:22:07 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\5cd81d7c-326c-42d2-8929-1ee85c69dc1d.dll.vir
2012-11-09 21:06:38 . 2012-10-26 23:47:23 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\5f169f6e-cfce-411e-b266-aa53ac35ce83.dll.vir
2012-11-09 21:06:37 . 2012-10-26 23:18:39 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\cf9bce06-e765-4c6f-afa9-0d82a3adc417.dll.vir
2012-11-09 21:06:35 . 2012-10-26 23:07:14 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\e3e252fe-80ab-4f89-82a9-b607007220bd.dll.vir
2012-11-09 21:06:34 . 2012-10-23 22:29:19 64,120 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\a7201707-7895-43cf-9119-8a0279b75d4c.dll.vir
2012-11-09 21:06:34 . 2012-10-19 22:01:38 26,232 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\305a1406-381f-449d-9486-32504a38e5b0.dll.vir
2012-11-09 21:06:34 . 2012-10-19 18:36:29 26,232 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\3b429c4f-8ba9-4a7d-bbb4-4548bb6d2539.dll.vir
2012-11-09 21:06:33 . 2012-10-16 00:36:02 26,232 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\af728edb-0984-4c06-9a4b-0878bcfa9a26.dll.vir
2012-11-09 18:33:07 . 2012-11-09 18:33:07 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH60A.tmp.vir
2012-11-09 18:32:25 . 2012-11-09 18:32:25 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH62CB.tmp.vir
2012-11-09 18:29:22 . 2012-11-09 18:29:22 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH9867.tmp.vir
2012-11-09 18:29:09 . 2012-11-09 18:29:09 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH6699.tmp.vir
2012-11-09 18:28:22 . 2012-11-09 18:28:22 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHADD9.tmp.vir
2012-11-09 18:27:41 . 2012-11-09 18:27:41 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHE12.tmp.vir
2012-11-09 18:26:36 . 2012-11-09 18:26:36 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH1062.tmp.vir
2012-11-09 18:21:09 . 2012-11-09 18:21:09 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH13E5.tmp.vir
2012-11-09 18:16:41 . 2012-11-09 18:16:41 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHF921.tmp.vir
2012-11-09 18:16:26 . 2012-11-09 18:16:26 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHC0AE.tmp.vir
2012-11-09 18:15:50 . 2012-11-09 18:15:50 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH33EA.tmp.vir
2012-11-09 18:13:44 . 2012-11-09 18:13:44 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH489F.tmp.vir
2012-11-09 18:12:31 . 2012-11-09 18:12:31 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH2BA5.tmp.vir
2012-11-09 18:11:30 . 2012-11-09 18:11:30 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH3BBD.tmp.vir
2012-11-09 18:10:19 . 2012-11-09 18:10:19 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH2682.tmp.vir
2012-11-09 18:09:39 . 2012-11-09 18:09:39 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH8902.tmp.vir
2012-11-09 18:09:16 . 2012-11-09 18:09:16 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH2E8D.tmp.vir
2012-11-09 18:07:14 . 2012-11-09 18:07:14 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH546A.tmp.vir
2012-11-09 18:05:33 . 2012-11-09 18:05:33 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHC749.tmp.vir
2012-11-09 18:03:23 . 2012-11-09 18:03:23 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHCAFF.tmp.vir
2012-11-09 18:00:58 . 2012-11-09 18:00:58 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH955D.tmp.vir
2012-11-09 17:59:52 . 2012-11-09 17:59:52 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH9450.tmp.vir
2012-11-09 17:59:36 . 2012-11-09 17:59:36 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH55D5.tmp.vir
2012-11-09 17:58:54 . 2012-11-09 17:58:54 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHB38F.tmp.vir
2012-11-09 17:32:01 . 2012-11-09 17:32:01 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH128D.tmp.vir
2012-11-09 17:30:54 . 2012-11-09 17:30:54 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHF9E.tmp.vir
2012-11-09 17:30:28 . 2012-11-09 17:30:28 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHA898.tmp.vir
2012-11-09 17:30:13 . 2012-11-09 17:30:13 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH6D77.tmp.vir
2012-11-09 17:29:58 . 2012-11-09 17:29:58 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH3275.tmp.vir
2012-11-09 17:28:56 . 2012-11-09 17:28:56 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH4152.tmp.vir
2012-11-09 17:28:27 . 2012-11-09 17:28:27 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHD07C.tmp.vir
2012-11-09 17:27:10 . 2012-11-09 17:27:10 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHA2B7.tmp.vir
2012-11-09 17:26:54 . 2012-11-09 17:26:54 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH63BF.tmp.vir
2012-11-09 17:26:39 . 2012-11-09 17:26:39 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH2B6C.tmp.vir
2012-11-09 17:25:16 . 2012-11-09 17:25:16 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHE4AD.tmp.vir
2012-11-08 17:38:27 . 2012-11-08 17:38:27 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH99C5.tmp.vir
2012-11-08 17:36:54 . 2012-11-08 17:36:54 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH2F3E.tmp.vir
2012-11-08 17:35:16 . 2012-11-08 17:35:16 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHAE77.tmp.vir
2012-11-08 17:33:25 . 2012-11-08 17:33:25 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHFFD7.tmp.vir
2012-11-08 17:32:34 . 2012-11-08 17:32:34 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH37DB.tmp.vir
2012-11-08 17:29:46 . 2012-11-08 17:29:46 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHA682.tmp.vir
2012-11-08 17:28:24 . 2012-11-08 17:28:24 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH662B.tmp.vir
2012-11-08 17:27:05 . 2012-11-08 17:27:05 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH30B4.tmp.vir
2012-11-08 17:26:39 . 2012-11-08 17:26:39 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHCA1B.tmp.vir
2012-11-08 17:25:35 . 2012-11-08 17:25:35 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHD000.tmp.vir
2012-11-08 17:24:15 . 2012-11-08 17:24:16 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH9AD3.tmp.vir
2012-11-08 17:23:30 . 2012-11-08 17:23:30 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHE81C.tmp.vir
2012-11-08 17:23:12 . 2012-11-08 17:23:12 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHA407.tmp.vir
2012-11-08 17:22:24 . 2012-11-08 17:22:24 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHE6A4.tmp.vir
2012-11-08 17:21:01 . 2012-11-08 17:21:01 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHA20A.tmp.vir
2012-11-08 17:17:39 . 2012-11-08 17:17:39 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH8C88.tmp.vir
2012-11-08 17:16:59 . 2012-11-08 17:16:59 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHEF6F.tmp.vir
2012-11-08 17:16:42 . 2012-11-08 17:16:42 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHAFDC.tmp.vir
2012-11-08 17:14:40 . 2012-11-08 17:14:40 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHD293.tmp.vir
2012-11-08 17:11:46 . 2012-11-08 17:11:46 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH28A5.tmp.vir
2012-11-08 17:11:15 . 2012-11-08 17:11:15 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHB012.tmp.vir
2012-11-08 17:10:43 . 2012-11-08 17:10:43 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH3444.tmp.vir
2012-11-08 17:10:33 . 2012-11-08 17:10:33 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHEC5.tmp.vir
2012-11-08 17:10:22 . 2012-11-08 17:10:22 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHE080.tmp.vir
2012-11-08 17:08:06 . 2012-11-08 17:08:06 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHCFE9.tmp.vir
2012-11-08 17:07:51 . 2012-11-08 17:07:51 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH9268.tmp.vir
2012-11-07 18:00:20 . 2012-11-07 18:00:20 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH838D.tmp.vir
2012-11-07 17:57:42 . 2012-11-07 17:57:42 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH1A46.tmp.vir
2012-11-07 17:57:24 . 2012-11-07 17:57:24 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHD101.tmp.vir
2012-11-07 17:56:52 . 2012-11-07 17:56:52 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH54A8.tmp.vir
2012-11-07 17:52:36 . 2012-11-07 17:52:36 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH6C56.tmp.vir
2012-11-07 17:52:20 . 2012-11-07 17:52:21 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH30D9.tmp.vir
2012-11-07 17:50:53 . 2012-11-07 17:50:53 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHDC86.tmp.vir
2012-11-07 17:48:18 . 2012-11-07 17:48:18 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH7C02.tmp.vir
2012-11-07 17:47:38 . 2012-11-07 17:47:38 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHE034.tmp.vir
2012-11-07 17:47:20 . 2012-11-07 17:47:20 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH9A89.tmp.vir
2012-11-07 17:43:27 . 2012-11-07 17:43:27 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHC57.tmp.vir
2012-11-07 17:41:47 . 2012-11-07 17:41:47 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH84A3.tmp.vir
2012-11-07 17:41:34 . 2012-11-07 17:41:34 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH5219.tmp.vir
2012-11-07 17:40:22 . 2012-11-07 17:40:22 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH38F5.tmp.vir
2012-11-07 17:38:30 . 2012-11-07 17:38:30 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH8484.tmp.vir
2012-11-07 17:37:06 . 2012-11-07 17:37:07 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH3D8F.tmp.vir
2012-11-07 17:36:32 . 2012-11-07 17:36:32 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHB6BA.tmp.vir
2012-11-07 17:35:28 . 2012-11-07 17:35:29 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHBEA9.tmp.vir
2012-11-07 17:34:49 . 2012-11-07 17:34:49 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH24BC.tmp.vir
2012-11-07 17:34:16 . 2012-11-07 17:34:16 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHA3D0.tmp.vir
2012-11-07 17:31:35 . 2012-11-07 17:31:35 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH2DE5.tmp.vir
2012-11-07 17:31:19 . 2012-11-07 17:31:19 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHF025.tmp.vir
2012-11-07 17:29:54 . 2012-11-07 17:29:54 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHA339.tmp.vir
2012-11-07 17:29:24 . 2012-11-07 17:29:24 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH2F19.tmp.vir
2012-11-07 17:21:10 . 2012-11-07 17:21:10 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHA5FA.tmp.vir
2012-11-07 17:20:47 . 2012-11-07 17:20:47 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH49E0.tmp.vir
2012-11-07 17:18:40 . 2012-11-07 17:18:40 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH5B3F.tmp.vir
2012-11-07 17:15:03 . 2012-11-07 17:15:03 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH9CE.tmp.vir
2012-11-07 17:14:50 . 2012-11-07 17:14:50 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHD716.tmp.vir
2012-11-07 17:08:02 . 2012-11-07 17:08:02 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH9C4B.tmp.vir
2012-11-07 17:06:12 . 2012-11-07 17:06:12 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHEF65.tmp.vir
2012-11-07 17:05:34 . 2012-11-07 17:05:34 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH5B6B.tmp.vir
2012-11-05 16:42:45 . 2012-11-05 16:42:45 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH336E.tmp.vir
2012-11-05 16:39:49 . 2012-11-05 16:39:49 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH8341.tmp.vir
2012-11-05 16:37:36 . 2012-11-05 16:37:36 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH7BA3.tmp.vir
2012-11-04 21:16:39 . 2012-11-04 21:16:39 916 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}.reg.dat
2012-09-11 14:26:07 . 2012-09-11 14:26:07 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-28434373.sys.reg.dat
2012-09-08 08:03:04 . 2012-09-07 22:15:32 26,232 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\44ddba62-3b58-480f-a775-ae7e9dd9d5df.dll.vir
2012-09-07 21:36:37 . 2012-09-05 18:51:41 26,232 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\684a43a7-04d5-4797-bc20-4db8a316286c.dll.vir
2012-09-01 13:02:29 . 2012-07-13 21:16:44 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\4a6ad3dd-db4c-4c85-a238-f9483baae32d.dll.vir
2012-09-01 13:02:29 . 2012-07-13 21:15:19 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\140239b3-d59a-46fa-b856-17682a46cb44.dll.vir
2012-09-01 13:02:29 . 2012-07-11 18:04:05 39,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll.vir
2012-09-01 13:02:28 . 2012-07-10 16:15:44 25,720 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll.vir
2012-09-01 13:02:28 . 2012-07-10 16:02:48 25,720 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll.vir
2012-09-01 13:02:28 . 2012-01-19 21:45:33 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll.vir
2012-09-01 13:02:28 . 2012-01-19 21:27:18 35,408 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll.vir
2012-09-01 13:02:28 . 2011-10-17 21:29:28 39,504 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\16837627-a839-41c5-a88f-3a0335128383.dll.vir
2012-09-01 13:02:27 . 2011-09-30 20:04:38 47,696 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll.vir
2012-09-01 13:02:27 . 2011-08-24 20:34:44 39,504 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\0d85b53c-d766-4bf0-8940-17b534910268.dll.vir
2012-09-01 13:02:27 . 2011-07-19 22:58:09 31,312 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll.vir
2012-09-01 13:02:26 . 2011-07-19 20:21:07 59,984 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\daf30858-49d8-434b-b4b1-068b5dc9267c.dll.vir
2012-09-01 13:02:26 . 2011-07-20 15:50:28 47,696 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll.vir
2012-09-01 13:02:26 . 2011-06-24 20:25:37 64,080 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\cf3463d8-8828-4f50-98c8-d04ca1fe42f3.dll.vir
2012-09-01 13:02:26 . 2011-06-15 19:27:44 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\5e1c102f-bfde-420c-87c0-64fe851888e5.dll.vir
2012-09-01 13:02:26 . 2011-06-15 19:24:07 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\3e4c86d5-a5c1-4c3f-8fc7-6258992b16c5.dll.vir
2012-09-01 13:02:26 . 2011-06-15 19:21:06 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\3a79f062-8f3e-464f-9815-2c45840494ee.dll.vir
2012-09-01 13:02:26 . 2011-06-15 19:15:41 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\7014e871-cc3b-4dec-b82b-bc70222b40ed.dll.vir
2012-09-01 13:02:26 . 2011-06-15 19:12:01 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\e9bb45d9-5a2b-47e8-9c48-168276d422cc.dll.vir
2012-09-01 13:02:26 . 2011-06-15 19:07:28 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\2ee79d71-badc-46b4-b731-42b15f3cd1c3.dll.vir
2012-09-01 13:02:25 . 2011-06-15 16:49:58 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\a4930af9-016c-4915-a740-a3364e7618aa.dll.vir
2012-09-01 13:02:25 . 2011-06-14 21:52:29 23,632 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\493f295d-1a46-46f6-926c-63b474cedab4.dll.vir
2012-09-01 13:02:25 . 2011-06-08 15:58:11 23,632 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll.vir
2012-09-01 13:02:25 . 2011-06-03 22:58:24 39,504 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\b2ed8d53-41ce-48e6-b4ac-8b8e5e1a4fdf.dll.vir
2012-09-01 13:02:25 . 2011-05-19 15:43:17 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll.vir
2012-09-01 13:02:25 . 2011-05-17 20:45:07 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll.vir
2012-09-01 13:02:24 . 2011-05-03 15:53:41 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll.vir
2012-09-01 13:02:24 . 2011-05-03 15:47:20 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll.vir
2012-09-01 13:02:24 . 2011-05-06 19:56:12 39,504 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll.vir
2012-09-01 13:02:24 . 2011-05-06 15:01:51 39,504 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll.vir
2012-09-01 13:02:23 . 2011-05-03 18:56:09 39,504 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\f80d4ad1-1fad-43b5-b6f3-347848b5ddd5.dll.vir
2012-09-01 13:02:23 . 2011-04-26 19:48:08 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll.vir
2012-09-01 13:02:22 . 2011-04-26 19:41:21 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll.vir
2012-09-01 13:02:22 . 2011-04-19 23:28:55 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll.vir
2012-09-01 13:02:22 . 2011-04-19 22:35:27 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll.vir
2012-09-01 13:02:22 . 2011-04-19 22:27:55 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll.vir
2012-09-01 13:02:22 . 2011-04-14 19:50:42 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll.vir
2012-09-01 13:02:22 . 2011-04-14 18:13:04 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll.vir
2012-09-01 13:02:21 . 2011-04-14 17:43:30 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll.vir
2012-09-01 13:02:20 . 2011-04-12 20:44:49 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll.vir
2012-09-01 13:02:20 . 2011-04-11 16:48:37 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll.vir
2012-09-01 13:02:19 . 2011-04-11 16:41:44 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll.vir
2012-09-01 13:02:19 . 2011-04-11 16:16:57 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll.vir
2012-09-01 13:02:19 . 2011-04-11 16:12:06 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll.vir
2012-09-01 13:02:18 . 2011-04-11 16:07:14 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll.vir
2012-09-01 13:02:18 . 2011-04-11 16:01:58 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll.vir
2012-09-01 13:02:18 . 2011-04-11 15:52:23 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll.vir
2012-09-01 13:02:18 . 2011-04-08 20:42:57 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll.vir
2012-09-01 13:02:17 . 2011-04-08 20:20:45 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll.vir
2012-09-01 13:02:17 . 2011-04-08 20:12:16 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll.vir
2012-09-01 13:02:17 . 2011-04-08 20:04:03 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll.vir
2012-09-01 13:02:17 . 2011-04-08 19:56:03 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll.vir
2012-09-01 13:02:17 . 2011-04-08 18:27:10 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll.vir
2012-09-01 13:02:17 . 2011-04-08 18:12:56 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll.vir
2012-09-01 13:02:16 . 2011-04-08 17:57:00 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll.vir
2012-09-01 13:02:16 . 2011-04-08 17:28:00 26,704 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll.vir
2012-09-01 13:02:16 . 2011-04-08 16:59:03 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll.vir
2012-09-01 13:02:16 . 2011-04-07 00:24:19 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll.vir
2012-09-01 13:02:15 . 2011-04-07 00:09:39 26,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll.vir
2012-09-01 13:02:13 . 2011-03-24 17:41:34 719,440 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\PCDr\6032\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll.vir
2012-08-31 20:47:07 . 2012-08-31 20:47:07 550 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-BsScanner.reg.dat
2012-08-31 20:46:57 . 2012-08-31 20:46:57 184 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-G Data AntiVirus Tray Application.reg.dat
2012-08-31 20:46:55 . 2012-08-31 20:46:55 173 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Skype.reg.dat
2012-08-31 20:46:55 . 2012-08-31 20:46:55 191 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Facebook Update.reg.dat
2012-08-31 20:46:55 . 2012-08-31 20:46:55 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{124D001A-BDCB-472F-AA59-BBE7E4BC3204}.reg.dat
2012-08-31 20:40:20 . 2012-11-11 23:35:33 11,995 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-08-31 20:26:13 . 2012-11-11 23:24:25 299 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-08-29 04:44:46 . 2012-08-29 19:49:58 217,088 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Roaming\Skype\Phone\Skype.exe.vir
2012-05-06 16:27:40 . 2012-05-06 16:27:41 117,723 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Roaming\yuvcodecs-1.3.exe.vir
2012-05-06 16:27:35 . 2012-05-06 16:27:39 5,514,668 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Roaming\ImgBurn.exe.vir
2012-04-13 19:04:50 . 2012-04-13 19:04:50 87,608 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Roaming\inst.exe.vir
-
I manage to zip it after copying it, so see attachment...
thanks,
-
I also have these logs:
RootAlyzer Quick Scan Results
Files in Windows folder
----------------------------------------
145 files were tested.
No hidden files detected.
========================================
Files in System folder
----------------------------------------
3 hidden out of 2804 files were detected.
Hidden files: 5-18,null,ޝ
C:\Windows\System32\5-18
C:\Windows\System32\null
C:\Windows\System32\ޝ
========================================
Global run entries
----------------------------------------
No hidden entries detected.
========================================
Winlogon entries
----------------------------------------
No hidden entries detected.
========================================
Invisible processes (from handles)
----------------------------------------
0 handle process IDs for 84 processes.
No hidden processes detected.
========================================
Invisible processes (from threads)
----------------------------------------
84 processes tested.
No hidden processes detected.
========================================
Master Boot Records
----------------------------------------
2 MBRs checked.
No unknown MBRs detected.
========================================
// info: Rootkit removal help file
// copyright: (c) 2008-2012 Safer-Networking Ltd. All rights reserved.
:: RootAlyzer Results
File:"Hidden file","C:\Windows\System32\5-18"
File:"Hidden file","C:\Windows\System32\null"
File:"Hidden file","C:\Windows\System32\ޝ"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{0309A9A2-E90E-4B47-9CC0-603E94EF27B1}-32475_10150224466860721_573800720_12972837_6783194_n_Underpainting_1 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{037A0AA9-2BE0-4D6D-9969-41345A4C67A1}-n733135516_4033371_719_Cartoonizer_2 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{056686A3-D0F8-4CD4-B5E7-42BA8243F89C}-Isza Lagce4.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{0619EF6C-15E4-4A43-813E-CA6CE428FE8D}-Tony [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{06D77211-C508-4A2F-9D0B-B841A7C47523}-peinture [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{07338F92-5905-4194-8B8F-E813722D8D38}-Shandi2 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{07679C4A-239C-4EA1-A760-E671AC03BC0A}-hotStufff4.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{0ABB9406-53CC-43A1-A7D6-715E96BF829B}-Melissa Cote.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{0ACD7377-87F2-422A-8749-5F3CB0D55763}-Kathleen [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{0D3AE1F8-4164-4C6F-87BC-336487FF10A9}-29136_1204209083615_1780271549_377410_7428358_n_Grunge_4 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{0D434CAB-EEAA-4BCF-A5F2-BEDD7F1B1EC0}-Rachel [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{0E498728-83BC-42CE-AD2F-19D0C9FFE5D4}-n575780000_2700127_9391_Underpainting_1 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{10063775-9A52-495E-AD0E-BE4B121F1622}-Katryna [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{10C2480D-B007-45DA-8B95-AA7545089088}-ClaudiaL [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{11071066-D777-43F8-98B7-3DDD714075D9}-Lorena [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{112D6BAB-E53D-4875-A5F4-670F08424773}-Fanny [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{11B84664-58B5-472B-8513-F559982AC943}-HotStufff5.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{1377DDDB-5C8A-4286-8273-81239811E2D7}-befunky_artwork [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{1683575B-643A-4F23-9C0C-D4BBF88D4511}-Jessica Cullen.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{16864F17-D542-45C2-96D9-0CFCDED2C48E}-Charlie [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{17D4D076-A66B-4F3F-8119-3D608E2B602C}-30129_10150219570445193_530450192_12986068_6014639_n_Underpainting_1 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{1896F291-E33B-46C4-8368-2C4EFFB5DC91}-SAM_1568 [1600x1200].JPG:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{1AAA26E7-619F-45DD-A66B-79B0876A4ABE}-befunky_artwork [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{1D3FAF0D-91DF-4C1A-A537-302EBD5D631F}-Julie Comics.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{1D95A805-608E-4854-AB94-CB621383D07C}-befunky_artwork [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{1E2E7444-90CD-4136-8626-DA1E0AE10251}-Josianne [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{1F8309C0-9297-4182-BFC0-DAE2082BFCAA}-6300_120708975893_712255893_2868198_4842978_n [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{20D417CA-7B7D-4ADF-B667-BC80693D0086}-Tania [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{222BEF4B-348D-461B-AA92-6D621E8C33F3}-goldfinger [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{22478CA3-CD22-473F-803D-CFB0D3CFF7F6}-Rachy [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{22E9C6C1-F7CD-442C-B75F-17389D93CACF}-Aryane Dery.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{250252A1-22AF-4811-9596-631C7546DACF}-befunky_artwork [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{26409094-18E6-4129-B634-CCC8C7D357F9}-Isza [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{270C25B2-4D74-4B85-83E0-BF816F4C3318}-Julien [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{28F54EA6-BFCF-40DD-AC29-186D769418C4}-Manon Guay Robillard 2 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{29FF7087-2424-4ACE-B152-F95CF0F27DF7}-befunky_artwork [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{2C15DACA-1353-4ED9-8349-17CE4C249A86}-Carianne Legare.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{2DEBA30A-3EB1-4A27-ADBF-608D47680A29}-JessicaC [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{2EDF316B-9FAF-4C70-B795-713A03E769BF}-Christine Benjamin.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{2EFF1978-75E7-4E4A-B613-88C9B73E6BB9}-befunky_artwork [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{2F0600AA-63BF-4FA8-9EF5-F597FFFE21FF}-6290_125502975046_563605046_2918249_5598068_n [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{2F99C606-C4A9-4F71-A4CD-AB3AE4A91384}-26693_134812806546260_100000526255100_272930_7822449_n [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{2FD10C1D-5925-4513-B748-9616CE5CC1B6}-Amilouis Bujold.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{30B65421-F1DE-4106-A424-93FABE29A694}-32079_10150207737490193_530450192_12617558_6549675_n [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{30FF6953-2D52-4836-9182-1E7291118437}-Dave McLellan.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{31F2A73D-E669-40A2-8540-B205FA26B8D2}-29445_443979009808_656964808_5621240_7406873_n_Grunge_7 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{3473E0D4-4AB7-43EE-8081-19E8D6F02F59}-Jimmy [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{373E265E-EE40-4145-928F-24CCED42D491}-Philippe Valancourt.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{37B9789C-D145-43F7-9668-CEF5B59BDBD8}-befunky_artwork [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{3848679F-770F-42CB-A5E5-D735C048CC4B}-befunky_artwork [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{39E9E454-56ED-4237-9F41-4096D8BADA1C}-Jolyne [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{3A7DDD45-D16A-42F0-B0C4-A0FBFF098E82}-Valery [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{3A9543CD-7A7C-4D35-BA58-B43CC961A822}-Tascha [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{3D10015F-3D52-4F1A-AB02-CCA4B4FF7F15}-coeur [1600x1200] (2).jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{3EAA8304-7D2C-4D9B-987F-D24BA19D4E66}-Myriam [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{3F5D3029-D095-4CC1-9740-A8965B858B48}-14349_180654726287_570841287_3517452_3357405_n [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{40735087-F687-4BA0-9C3F-9EFA786A79BD}-Dom H.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{41E6E6FC-D261-438A-8BDE-2085412B2886}-hotStuff [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{43C1D3F0-D8CD-4D6A-BAD9-881B82CE7087}-Mandy Lussier.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{44532E00-99C2-4733-90D4-D36F0E42BFFA}-Andrea [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{46467985-1A73-49CD-A63E-B848955E4D2A}-Bio Hazard.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{4BE902BC-BEB4-4C92-8C39-82F799BC8DA0}-Fanny Wonder.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{4E3A88B8-B869-45CD-9E74-1A0682F034C3}-Peter Parker.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{4FAABA9C-90B9-47A7-8A9C-9C87864680DA}-Shandi [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{4FDD166A-07A9-4850-BE15-1AA7563A6981}-Steph Rock N Roll [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{51A655E9-9333-48F6-A9CE-0ED0CDB7B535}-Hotty Vaness [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{5645206C-520F-4487-9F2E-5574651A4949}-Dominique [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{5A70F5A4-ADB1-412C-A4C5-2A7404150AAC}-17069_244625307638_522837638_3399072_7792450_n [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{5CE59D89-6183-4BA6-827A-0FCCA11A4521}-Rebeca Tarta.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{5D60F854-BE58-4959-834E-310BC113CAC4}-Anne-Sophie [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{5E34288A-F7BD-4387-8210-518E8AEB1952}-Karine Vandal.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{5E83F947-723A-4D38-8C4E-887465CA5710}-SAM_1565 [1600x1200].JPG:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{5F45E5B6-C515-4DA6-9DD2-E016A5BEE6BD}-StephanieP [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{616741CE-06C8-4690-B3BF-C0D37D397F63}-Marie [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{61A0B21D-8864-4C22-B12D-49F0918C5966}-Ashley [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{65FC0D80-7A2B-42D2-9834-E61D2B06BC34}-Isza Lagce4.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{662BE7F1-12BF-47CE-B370-D71A05BE552E}-24861_359871080078_607705078_4204839_6101661_n [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{691A5D4B-AE70-4E5A-B004-F39322E68D87}-Carolann [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{69FCD9AA-5516-46CE-9F39-2AB06AAE01C0}-Vero [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{6D085BD1-A8F7-4FB3-88B4-08604B327A01}-Tania [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{6DD935D5-240A-47B2-BF4C-03E8C7A84ECD}-28126_429024810029_634965029_5936947_2221121_n [1600x1200]_Sunburst_4 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{6F37D3F5-6F29-4C8B-A91F-91DAE2C894A1}-Isza4 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{6F7873E7-B078-47CB-87F1-C37FA7C87F68}-coeur [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{700027AF-783E-47BE-BD5B-96926BB325AE}-Tony [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{70CFF3F5-994C-430C-85E6-490F6AC9A008}-Isza Lagce4.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{734D36BB-FC9F-4469-A24E-97291B5091E2}-Johnny [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{7680C6F8-2C28-49C8-BA31-DE16A3CBE148}-KaryneG [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{778CD583-D930-4934-AB64-3D7192D9696A}-JessicaH [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{7966021F-797F-4F9C-B1DF-AD199F15EBBC}-noncerner.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{797A3286-DA3E-46C5-A5B5-8DE3A6B80392}-Fanny Lapointe.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{7A098D52-D963-4BC7-810F-8B85D3747C56}-29136_1204209083615_1780271549_377410_7428358_n_Grunge_4 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{7A9BEAF3-A2D6-499C-99A1-CF012F43EB7B}-Rachel Doyer.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{7C79725F-F48D-4B22-ACC5-68038F8F0696}-Andrew Searles.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{8094F38E-DFEB-45E6-99A1-89149CC9FD0C}-Stacey Shine.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{863D4663-6B8A-4453-985B-5BAC7534C9DB}-5187_93420152985_513412985_2138705_6008627_n [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{86631D5C-830E-4600-85CA-22007F2E41B3}-Julie Pontbriand.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{868F0314-2DCD-441B-AFF8-91F38E4ED2FA}-Mamzell NonNon.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{87801F8E-BE86-4EF3-9E04-F18B514EC822}-Anny [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{880832E3-6E6D-444A-9D36-945134604143}-5774_123969658716_706618716_2503273_2563082_n (1) [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{88710021-F653-4BFE-9744-CFF431D680BD}-Julie Charbonneau [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{8AD0251C-B994-408B-B6FA-8A3177BE22F4}-Roxanne Vie.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{8DDE6710-2CE7-4044-8CA0-5B79F7463A67}-n1048299949_30145876_9788 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{8ECB50A3-B754-41E8-9C53-3FFC87FF0213}-Emilie [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{9043C6C5-F765-4A94-B71E-908C59FDF419}-Meow [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{9154FE71-9347-4391-AA6F-51CED23A75ED}-25919_377240012081_727872081_4705044_4567766_n_Underpainting_1 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{92032CF6-B012-49DD-A0DB-DF1941B9BC33}-Isza Lagace 3.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{9580A29D-ABC9-4294-B183-88DB60361916}-MelissaG [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{9B2EA937-27BF-4890-82C2-9E4C790FA671}-34218_411454081051_513686051_4402636_4848296_n_Sunburst_2 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{9D7D9AFB-84BB-4C3A-B5FC-D3F21E6E4143}-NicolaB [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{9D8BFC65-5B34-4B4A-BA19-DF9D1FA25110}-SAM_0669_Cartoonizer_2 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{9EC141D0-52B5-49E0-BD76-3DF37590C030}-Jonathan Latour.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{9F705F08-98A1-406D-BEAB-06579D66BEE0}-Roxanne Vie.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{9FF33A2A-C544-47B5-9F84-17DADAA8F27E}-Anne-Sophie Rivest [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{A158B4FE-B233-4C53-B930-EA69DF059086}-5180_103336466287_570841287_2590868_6926508_n [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{A2C6E346-50A9-43D3-9E3F-027D67DEE4F7}-Tony [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{A48DEE78-7925-4CF7-B934-F91F26351C83}-19051_466196125720_573800720_10780011_3238167_n [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{A5FE0248-EB03-4942-8F70-1B47CFCEFB8D}-Tasha [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{AAA6DADD-7B05-469C-A24D-6F13AF21FA89}-oops [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{AB13F844-5873-48FA-89E9-0725FBBCC5DD}-Anais [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{AB956BAB-A181-4248-B3DF-63C5033F2BA5}-28976_10150177967560542_691895541_12263889_285050_n_Underpainting_1 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{ABBF77F0-F0E8-4795-9B92-5276CEE55B70}-befunky_artwork [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{ACC84FB7-4BE4-45CC-8BA7-9262ED5BA96F}-Veronique [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{ACDE46DD-1706-494F-A74F-C4C39B05A2F0}-Julie_Comics [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{AD6CC754-0ADE-408E-89F3-AC3A39AC7C6B}-Andrea [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{AEC5C334-AA49-40A7-8521-893D81EAD6C5}-Yann Roux Poulette.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{B1B91330-F24F-48C5-9B99-92E36503CF9D}-Jimmy Black.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{B2D5D9B0-A38F-4F14-BF8C-C84F42F2C99B}-Jamila [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{B2DF8C89-E8B6-4E1D-BD93-DAD05331F063}-Christelle [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{B2E6CDE4-7707-41BC-BCCA-458A53E9DA64}-32079_10150207737490193_530450192_12617558_6549675_n_Sunburst_4 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{B318F3BE-D2C1-42BF-9BF4-E1583558903F}-Cyn [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{B5853C9F-C045-400F-8AB3-1088C2E46752}-ClaudiaLa [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{B5B22391-02AB-439E-BA84-FA7A1F078FAD}-Kath [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{B8E0D50F-575D-4BA3-A55D-3D9DA3817619}-Roxanne L [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{BCEC21FF-1E88-4E06-AFDE-DD3293213149}-STA70662_Cartoonizer_2 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{BFAABC61-4EC2-4D57-BA72-4EAEABB1D670}-Kasia [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{C3BC5B16-9609-4EA9-8E04-ACD3874DC660}-Clara Officiel.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{C54CE8DC-A4CF-4469-BB57-0F88DB398B23}-Isza Lagce4.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{C5EBFAA3-133B-44A5-9F60-9BD22A656746}-JessicaH [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{C85AF807-BBD7-41AF-9D73-BEC6B7FF15AA}-Myriam [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{C88762C9-23DE-4A6E-B7B9-A8C99BAA21E4}-6656_133491224808_656964808_3071578_7338191_n [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{C9142A9F-EB06-408A-A36A-FDB32F935F9B}-Isza Lagce4 - Copy.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{CA39E00F-5A5E-4595-8BFD-F4FD2017BE97}-befunky_artwork [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{CA49DCDF-82E0-408C-8D9F-68A1A4E6611D}-FannyL [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{CBE0BCA9-D250-4E79-9914-F16FFD65F765}-27873_10150165035055367_721165366_12213627_161534_n [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{CFC589D5-0ABE-443C-9926-8B85CDE93D60}-HotStufff3.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{D167994B-7D7A-47FE-B14B-A6EEA67D4DB8}-Isza4 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{D175E45C-C48C-4B1C-8173-1D91CE22005A}-Tania Wilson.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{D197487D-A200-4584-9F9A-44C50E8D5159}-15010_102753249769399_100001041735820_18809_2346521_n_Underpainting_1 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{D24E7F0A-1C66-4CBA-B614-D9D7E93B07D9}-Catherine Therrien.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{D79913D8-46F5-4930-B653-59F8521D1352}-Hotstuff2 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{DA410A49-DCC6-4157-ACDD-8BB06567EE36}-Test [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{DAA5D1A9-1A26-4186-B015-5B83883ADE6D}-pitoune [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{DABF0581-515A-410E-BE37-13AFFB0B33D2}-Bio [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{DCCF3D53-882D-462D-B5D5-B6108CE16F04}-Joyce [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{DD6AE7F5-BC5F-4E0D-A7B8-14D20A71636A}-Test [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{DFD6D035-68A7-42A6-B994-66EF2EA6B16F}-Vero [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{E50F7448-DF89-4521-B554-FAFD39E77399}-5650_109693505046_563605046_2673195_4186981_n [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{E55AD825-FC3F-4874-ACD6-B0021384C6E2}-befunky_artwork [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{E5E6851F-5F37-4C2B-90E7-E32CDE1A58BD}-Vanessa Essiambre.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{E6C75920-81B6-4D23-8A70-5733A365344C}-Cover [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{E98AEC95-4930-40F1-BFA8-B4E9814E8B17}-Myriam_Calendar [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{EA874586-5550-4E7C-ABDE-AD9E9DB44918}-9035_178982596130_583511130_4196164_1520356_n_Underpainting_1 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{EBDAECAF-9005-4842-B143-9BC2B7D6A676}-Charlie [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{EBF183CE-5600-4B30-A747-0AE716B0055C}-Anne-Sophie Rivest.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{ECF05B7C-82D2-4B83-B96D-AEDB3C6B5773}-Isza2 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{EF226893-D5DD-4DDB-8B48-EF6644727FE9}-Joanie [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{F4204042-6E25-4170-865C-9A47CDB7F68C}-30995_10150199442325721_573800720_12263465_44015040000_n_Underpainting_1 [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{FA2DF512-994C-4EC2-AAA9-29AAC1FA9C66}-JulieC [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{FCF44703-B5D5-47FE-A539-7B15F1A4C416}-Tania Wilson.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{FE6F821C-4782-4AD2-A76D-FA09D5CB22FD}-RachelG [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{FFB2D9D1-F7EC-483F-86E2-8862302D3CEE}-Jo [1600x1200].jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\R0M\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\{FFCFE5FB-878C-4898-A0F3-F96B7BBFDD95}-Tony Dinero.jpg:�VsoSummaryInformation:$DATA"
File:"Unknown ADS","C:\Users\All Users\TEMP:0B4227B4:$DATA"
File:"Unknown ADS","C:\Users\All Users\TEMP:8FF81EB0:$DATA"
File:"Unknown ADS","C:\Users\All Users\TEMP:D1B5B4F1:$DATA"
File:"No admin in ACL","C:\Users\All Users\TuneUp Software\TuneUp Utilities 2012\TTUSvc.tt"
File:"Unknown ADS","C:\Users\All Users\Symantec\hpc:2704092260:$DATA"
File:"No admin in ACL","C:\Users\All Users\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe.txt"
File:"No admin in ACL","C:\ProgramData\TuneUp Software\TuneUp Utilities 2012\TTUSvc.tt"
File:"Unknown ADS","C:\ProgramData\Symantec\hpc:2704092260:$DATA"
File:"No admin in ACL","C:\ProgramData\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe.txt"
RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\","Environment\0"
// Attention: entries with a zero character will not be displayed correctly and may not work!
-
You dont have any rootkits based on those logs, you mentioned your machine seemed to be running slower?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
