Google redirect, not sure what the infection is.


3 replies to this topic

#1 zodiac213


Posted 22 October 2011 - 04:00 PM

Every time I search with Google and click a link it is redirected to scour links. I had an infection by "cloud protection" and "system restore" and I think I have that all removed, but I can't stop this irritating redirect crap. Any help is greatly appreciated.

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Psycore at 16:49:05 on 2011-10-22
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1590 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFJA.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Users\Psycore\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Psycore\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Psycore\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Psycore\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Psycore\Desktop\mis91cx7.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\psycore\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [WorkForce 610(Network) (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_SBA4F.tmp" /EF "HKCU"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{87026A62-DCF4-45B4-A5B4-E5A6CF27011E} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\psycore\appdata\roaming\mozilla\firefox\profiles\v3hflw9q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z128&install_date=20111009
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111009&q=
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\users\psycore\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-10-9 57312]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-22 64512]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-28 8396800]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-28 247296]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-9-11 20080]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-8 1343400]
.
=============== Created Last 30 ================
.
2011-10-22 19:43:44 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-22 19:41:20 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-22 19:41:07 -------- d-----w- c:\program files\Lavasoft
2011-10-21 00:08:28 -------- d-----w- c:\program files\iTunes
2011-10-17 03:09:07 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a1d03523-00e0-471c-b024-eba81bab6472}\mpengine.dll
2011-10-14 02:34:07 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-10-14 02:33:22 -------- d-----w- c:\programdata\Hitman Pro
2011-10-13 23:23:55 -------- d-----w- c:\program files\AxBx
2011-10-13 10:55:52 -------- d-----w- c:\users\psycore\appdata\roaming\NJLgCNPiQ69
2011-10-13 10:55:49 -------- d-----w- c:\users\psycore\appdata\roaming\JlBNcuDo4m5JdLg
2011-10-13 10:55:47 -------- d-----w- c:\users\psycore\appdata\roaming\GCIzy1Sbp5
2011-10-13 10:51:02 -------- d-----w- c:\users\psycore\appdata\roaming\DIBtzPN1iDoFaHs
2011-10-13 10:51:00 -------- d-----w- c:\users\psycore\appdata\roaming\JcS1ib3ona6W7R9
2011-10-13 08:04:12 -------- d-----w- c:\users\psycore\appdata\roaming\oelIBrzPNc1v2n4
2011-10-13 08:04:03 -------- d-----w- c:\users\psycore\appdata\roaming\HS2obF4pm5Q7E8R
2011-10-13 08:04:02 -------- d-----w- c:\users\psycore\appdata\roaming\s3pmG5aQJdKfZhX
2011-10-09 04:21:56 -------- d-----w- c:\programdata\mergeparts
2011-10-09 04:21:43 -------- d-----w- c:\programdata\explauncher
2011-10-09 04:21:41 -------- d-----w- c:\programdata\launcher
2011-10-09 04:20:38 57312 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2011-10-09 04:19:29 -------- d-----w- c:\program files\Paragon Software
2011-10-09 04:01:17 -------- d-----w- c:\program files\Combined Community Codec Pack
2011-10-09 03:24:29 -------- d-----w- c:\windows\system32\appmgmt
2011-10-09 03:13:50 -------- d-----w- c:\program files\VideoLAN
2011-10-09 03:06:55 98816 ----a-w- c:\windows\system32\ffvdub.vdf
2011-10-09 03:06:55 65536 ----a-w- c:\windows\system32\FLT_ffdshow.dll
2011-10-09 03:06:55 54272 ----a-w- c:\windows\system32\ffavisynth.dll
2011-10-09 03:06:55 51200 ----a-w- c:\windows\system32\ff_acm.acm
2011-10-09 03:06:55 100352 ----a-w- c:\windows\system32\makeAVIS.exe
2011-10-09 03:06:55 -------- d-----w- c:\windows\system32\languages
2011-10-09 03:06:54 248832 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2011-10-09 03:06:52 1175507 ----a-w- c:\windows\system32\unins000.exe
2011-10-09 02:51:35 -------- d-----w- c:\windows\system32\custom matrices
2011-10-09 02:51:30 -------- d-----w- c:\windows\system32\QuickTime
2011-10-09 02:51:30 -------- d-----w- c:\windows\system32\C2MP
2011-10-07 21:57:03 -------- d-----w- c:\windows\AutoKMS
2011-10-03 04:09:51 -------- d-----w- c:\users\psycore\appdata\roaming\Malwarebytes
2011-10-03 04:09:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-03 04:09:34 -------- d-----w- c:\programdata\Malwarebytes
2011-10-03 04:09:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-03 04:09:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-02 22:04:38 -------- d-----w- c:\users\psycore\appdata\local\Ahead
2011-10-02 18:09:03 -------- d-----w- c:\programdata\Nero
2011-10-02 18:09:03 -------- d-----w- c:\program files\Nero
.
==================== Find3M ====================
.
2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-30 02:56:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-08 03:39:58 9616896 ----a-w- c:\windows\system32\HENSLEYHD.scr
2011-09-06 02:28:37 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-09-03 05:43:37 0 ----a-w- c:\windows\ativpsrm.bin
2011-09-03 03:14:31 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-09-03 02:59:07 423656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-29 17:19:56 249936 ----a-w- c:\windows\system32\prgiso.dll
2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-20 04:31:05 981504 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 04:24:12 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-07-29 02:22:06 8396800 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-29 01:44:08 18388480 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-29 01:41:00 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-29 01:40:46 726528 ----a-w- c:\windows\system32\aticfx32.dll
2011-07-29 01:36:28 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-29 01:35:54 401408 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-29 01:35:26 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-29 01:34:12 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-07-29 01:33:56 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-29 01:33:44 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-29 01:33:36 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-29 01:33:28 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-29 01:30:28 4198912 ----a-w- c:\windows\system32\atidxx32.dll
2011-07-29 01:11:44 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-07-29 01:11:16 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-29 01:11:04 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-29 01:09:12 4256768 ----a-w- c:\windows\system32\atiumdag.dll
2011-07-29 01:07:26 8247296 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-29 01:04:00 4056064 ----a-w- c:\windows\system32\atiumdva.dll
2011-07-29 01:01:50 52736 ----a-w- c:\windows\system32\coinst.dll
2011-07-29 00:54:44 266240 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-29 00:54:32 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-29 00:54:20 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-07-29 00:53:48 247296 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-29 00:53:16 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-07-29 00:53:02 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-07-29 00:52:40 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2011-07-29 00:52:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-29 00:51:06 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-29 00:51:06 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-28 18:16:50 671744 ----a-w- c:\windows\system32\xvidcore.dll
2011-07-28 18:16:50 3651072 ----a-w- c:\windows\system32\ffdshow.ax
2011-07-28 18:16:50 336896 ----a-w- c:\windows\system32\ff_libfaad2.dll
2011-07-28 18:16:50 324608 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2011-07-28 18:16:50 217088 ----a-w- c:\windows\system32\ff_libdts.dll
2011-07-28 18:16:50 1530368 ----a-w- c:\windows\system32\ff_samplerate.dll
2011-07-28 18:16:50 152064 ----a-w- c:\windows\system32\ff_libmad.dll
2011-07-28 18:16:50 145408 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2011-07-28 18:16:50 141312 ----a-w- c:\windows\system32\ff_unrar.dll
2011-07-28 18:16:50 122368 ----a-w- c:\windows\system32\ff_liba52.dll
2011-07-28 18:16:50 101376 ----a-w- c:\windows\system32\ff_wmv9.dll
2011-07-28 18:07:26 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-28 17:46:04 3854336 ----a-w- c:\windows\system32\ffmpeg.dll
.
============= FINISH: 16:49:39.63 ===============


#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 October 2011 - 01:31 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

information and logs:

In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 28 October 2011 - 12:10 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr


Posted 01 November 2011 - 12:40 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.