redirect AGAIN!! and missing HOSTS files


  • This topic is locked
12 replies to this topic

#1 elves1111

elves1111

  • Members
  • 47 posts

Posted 26 March 2012 - 03:46 PM

Tried to run a restore of HOSTS files with SpywareBlaster, but every time I try to, it doesn't work and basically freezes, although I can still click on other functions in the program, but they don't do anything other than un-highlighting the HOSTS file I chose to restore. Am currently running MBAM again and SAS and will post results. Here is the WinPatrol log to maybe help in the meantime. Thanks!


Log created by WinPatrol [FREE Edition] version 20.5.2011.0:20.5.2011.0
Scan saved at 2:23:40 PM, on 3/26/2012
Platform: Windows 7 Service Pack 1 (Build 7601)
MSIE: Internet Explorer (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES (X86)\Motorola\MOTOHELPER\MOTOHELPERAGENT.EXE
C:\Windows\SysWOW64\ntdll.dll
C:\Windows\SysWOW64\kernel32.dll
C:\Windows\SysWOW64\KERNELBASE.DLL
C:\Windows\SysWOW64\ws2_32.dll
C:\Windows\SysWOW64\msvcrt.dll
C:\Windows\SysWOW64\rpcrt4.dll
C:\Windows\SysWOW64\sspicli.dll
C:\Windows\SysWOW64\CRYPTBASE.DLL
C:\Windows\SysWOW64\sechost.dll
C:\Windows\SysWOW64\nsi.dll
C:\Windows\SysWOW64\wininet.dll
C:\Windows\SysWOW64\shlwapi.dll
C:\Windows\SysWOW64\gdi32.dll
C:\Windows\SysWOW64\user32.dll
C:\Windows\SysWOW64\advapi32.dll
C:\Windows\SysWOW64\lpk.dll
C:\Windows\SysWOW64\usp10.dll
C:\Windows\SysWOW64\normaliz.dll
C:\Windows\SysWOW64\iertutil.dll
C:\Windows\SysWOW64\urlmon.dll
C:\Windows\SysWOW64\ole32.dll
C:\Windows\SysWOW64\oleaut32.dll
C:\Windows\SysWOW64\psapi.dll
C:\Windows\SysWOW64\shell32.dll
C:\Windows\winsxs\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.7601.17514_NONE_41E6975E2BD6F2B2\comctl32.dll
C:\Windows\System32\imm32.dll
C:\Windows\SysWOW64\msctf.dll
C:\Windows\SysWOW64\clbcatq.dll
C:\Windows\System32\uxtheme.dll
C:\Windows\SysWOW64\mswsock.dll
C:\WINDOWSOOT\SYSTEMROOT\SYSWOW64\MSWSOCK.DLL
C:\Windows\System32\cabinet.dll
C:\Windows\SysWOW64\imagehlp.dll
C:\Windows\System32\secur32.dll
C:\Windows\SysWOW64\crypt32.dll
C:\Windows\SysWOW64\msasn1.dll
C:\Windows\SysWOW64\wintrust.dll
C:\Windows\System32\WSHTCPIP.DLL
C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\mbamgui.exe
C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\mbam.dll
C:\Windows\System32\version.dll
C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\mbamnet.dll
C:\Windows\System32\IPHLPAPI.DLL
C:\Windows\System32\winnsi.dll
C:\Windows\System32\wtsapi32.dll
C:\Windows\System32\profapi.dll
C:\Windows\System32\cryptsp.dll
C:\Windows\System32\rsaenh.dll
C:\PROGRAM FILES (X86)\BILLP STUDIOS\WINPATROL\PATROLPRO.DLL
C:\PROGRAM FILES (X86)\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\Windows\System32\winmm.dll
C:\PROGRAM FILES (X86)\BILLP STUDIOS\WINPATROL\sqlite3.dll
C:\Windows\System32\propsys.dll
C:\Windows\System32\apphelp.dll
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\SysWOW64\oleacc.dll
C:\Windows\SysWOW64\setupapi.dll
C:\Windows\SysWOW64\cfgmgr32.dll
C:\Windows\SysWOW64\devobj.dll
C:\Windows\System32\ntmarta.dll
C:\Windows\SysWOW64\Wldap32.dll
C:\Windows\System32\mpr.dll
C:\PROGRAM FILES (X86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\winsxs\X86_MICROSOFT.VC90.CRT_1FC8B3B9A1E18E3B_9.0.30729.4940_NONE_50916076BCB9A742\msvcp90.dll
C:\Windows\winsxs\X86_MICROSOFT.VC90.CRT_1FC8B3B9A1E18E3B_9.0.30729.4940_NONE_50916076BCB9A742\msvcr90.dll
C:\PROGRAM FILES (X86)\Lavasoft\Ad-Aware\RESOURCES.DLL
C:\PROGRAM FILES (X86)\EXPAT SHIELD\bin\OPENVPNTRAY.EXE
C:\PROGRAM FILES (X86)\EXPAT SHIELD\bin\lang\gui-eng.dll
C:\Windows\System32\dnsapi.dll
C:\Windows\System32\PeerDist.dll
C:\Windows\System32\userenv.dll
C:\Windows\System32\authz.dll
C:\Windows\System32\rasapi32.dll
C:\Windows\System32\rasman.dll
C:\Windows\System32\rtutils.dll
C:\Windows\System32\SensApi.dll
C:\PROGRAM FILES (X86)\Opera\opera.exe
C:\Windows\System32\psapi.dll
C:\PROGRAM FILES (X86)\Opera\opera.dll
C:\Windows\System32\wsock32.dll
C:\Windows\SysWOW64\comdlg32.dll
C:\Windows\System32\wintrust.dll
C:\Windows\System32\dwmapi.dll
C:\Windows\System32\msimg32.dll
C:\Windows\System32\winrnr.dll
C:\Windows\System32\wship6.dll
C:\Windows\System32\rasadhlp.dll
C:\Windows\System32\FWPUCLNT.DLL
C:\Windows\System32\oleacc.dll
C:\Windows\System32\EXPLORERFRAME.DLL
C:\Windows\System32\duser.dll
C:\Windows\System32\dui70.dll
C:\Windows\System32\linkinfo.dll
C:\Windows\System32\ntshrui.dll
C:\Windows\System32\srvcli.dll
C:\Windows\System32\cscapi.dll
C:\Windows\System32\slc.dll
C:\PROGRAM FILES (X86)\Opera\GSTREAMER\GSTREAMER.DLL
C:\PROGRAM FILES (X86)\Opera\GSTREAMER\plugins\GSTAUDIOCONVERT.DLL
C:\PROGRAM FILES (X86)\Opera\GSTREAMER\plugins\GSTAUDIORESAMPLE.DLL
C:\PROGRAM FILES (X86)\Opera\GSTREAMER\plugins\GSTAUTODETECT.DLL
C:\PROGRAM FILES (X86)\Opera\GSTREAMER\plugins\GSTCOREPLUGINS.DLL
C:\PROGRAM FILES (X86)\Opera\GSTREAMER\plugins\GSTDECODEBIN2.DLL
C:\PROGRAM FILES (X86)\Opera\GSTREAMER\plugins\GSTDIRECTSOUND.DLL
C:\Windows\System32\dsound.dll
C:\Windows\System32\powrprof.dll
C:\PROGRAM FILES (X86)\Opera\GSTREAMER\plugins\GSTFFMPEGCOLORSPACE.DLL
C:\PROGRAM FILES (X86)\Opera\GSTREAMER\plugins\GSTOGGDEC.DLL
C:\PROGRAM FILES (X86)\Opera\GSTREAMER\plugins\GSTTYPEFINDFUNCTIONS.DLL
C:\PROGRAM FILES (X86)\Opera\GSTREAMER\plugins\GSTWAVEFORM.DLL
C:\PROGRAM FILES (X86)\Opera\GSTREAMER\plugins\GSTWAVPARSE.DLL
C:\PROGRAM FILES (X86)\Opera\GSTREAMER\plugins\GSTWEBMDEC.DLL
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
C:\Windows\System32\mscms.dll
C:\Windows\System32\mlang.dll
C:\Windows\System32\credssp.dll
C:\Windows\SysWOW64\schannel.dll
C:\Windows\System32\MMDevAPI.dll
C:\Windows\System32\wdmaud.drv
C:\Windows\System32\ksuser.dll
C:\Windows\System32\avrt.dll
C:\Windows\System32\AudioSes.dll
C:\Windows\System32\msacm32.drv
C:\Windows\System32\msacm32.dll
C:\Windows\System32\midimap.dll
C:\PROGRAM FILES (X86)\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Windows\winsxs\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_5.82.7601.17514_NONE_EC83DFFA859149AF\comctl32.dll
C:\PROGRAM FILES (X86)\Lavasoft\Ad-Aware\PRIVACYCLEAN.DLL
C:\PROGRAM FILES (X86)\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE
C:\Windows\System32\mstask.dll

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
O2 - BHO: Expat Shield Toolbar - {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Expat Shield Toolbar - {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
O4 - HKLM\..\Run: [Apoint]C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SynTPEnh]%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray]C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence]C:\Windows\system32\igfxpers.exe
O4 - HKU\..\Run: [Malwarebytes' Anti-Malware]C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /starttray
O4 - HKU\..\Run: [FileFort]C:\Program Files (x86)\NCH Software\FileFort\filefort.exe -logon
O4 - HKU\..\Run: [WinPatrol [FREE Edition]]C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O11 - Options group: [Accelerated graphics] Accelerated graphics - C:\Windows\SysWOW64
O11 - Options group: [] -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_29) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} (Java Plug-in 1.6.0_29) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_29) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
O23 - Service: SAS Core Service - SUPERAntiSpyware.com - C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service - Adobe Systems Incorporated - C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Defragmentation-Service - mst software GmbH, Germany - C:\PROGRAM FILES (X86)\Ashampoo\ASHAMPOO WINOPTIMIZER 9\DfSdkS64.exe
O23 - Service: Expat Shield Service - - C:\PROGRAM FILES (X86)\EXPAT SHIELD\bin\OPENVPNAS.EXE
O23 - Service: Expat Shield Routing Service - - C:\PROGRAM FILES (X86)\EXPAT SHIELD\HssWPR\hsssrv.exe
O23 - Service: Expat Shield Tray Service - - C:\PROGRAM FILES (X86)\EXPAT SHIELD\bin\EXPATTRAYSERVICE.EXE
O23 - Service: Expat Shield Monitoring Service - - C:\PROGRAM FILES (X86)\EXPAT SHIELD\bin\hsswd.exe
O23 - Service: Veoh Giraffic Video Accelerator - Giraffic - C:\PROGRAM FILES (X86)\Giraffic\VEOH_GIRAFFICWATCHDOG.EXE
O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE
O23 - Service: Google Update Service (gupdatem) - Google Inc. - C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\PROGRAM FILES (X86)\Lavasoft\Ad-Aware\AAWSERVICE.EXE
O23 - Service: Intel® Management and Security Application Local Management Service - Intel Corporation - C:\PROGRAM FILES (X86)\Intel\INTEL® MANAGEMENT ENGINE COMPONENTS\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\MBAMSERVICE.EXE
O23 - Service: MotoHelper Service - - C:\PROGRAM FILES (X86)\Motorola\MOTOHELPER\MOTOHELPERSERVICE.EXE
O23 - Service: Wanusb - Oak Technology Inc. - C:\WINDOWS\SYSTEM32\MCUPDMGR.EXE
O23 - Service: Intel® Management & Security Application User Notification Service - Intel Corporation - C:\PROGRAM FILES (X86)\Intel\INTEL® MANAGEMENT ENGINE COMPONENTS\UNS\UNS.exe
O23 - Service: Windows Media Player Network Sharing Service - - C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPNETWK.EXE

--- Additional WinPatrol Info ---
Default Browser: Windows® Internet Explorer - Internet Explorer version 9.00.8112.16421
MSIE: Internet Explorer (9.00.8112.16421)
Firefox 3.6.25 installed in C:\Program Files (x86)\Mozilla Firefox.
21 IE Cookies in Folder: C:\Users\me\AppData\Roaming\Microsoft\Windows\Cookies\
54 Mozilla Cookies in Folder: C:\Users\me\AppData\Roaming\Mozilla\FireFox\Profiles\nuw83slz.default

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP01 - HKLM\CS1: PendingFileRenameOperations = \??\C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.old
WP01 - HKLM\CCS: PendingFileRenameOperations = \??\C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.old
WP01 - HKLM\CS2: PendingFileRenameOperations = \??\C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.old
WP02 - HKLM\CCS: Command = C:\Windows\system32\cmd.exe


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [GoogleUpdateTaskMachineUA.job]C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 03/26/2012 2:03 PM
WP31 - Scheduled Tasks: [GoogleUpdateTaskMachineCore.job]C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 03/26/2012 1:03 AM
WP31 - Scheduled Tasks: [Ad-Aware Update (Weekly).job]C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Never

WP16 - ActiveX: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [Microsoft Url Search Hook] C:\Windows\SysWOW64\ieframe.dll 9.00.8112.16421
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx 11,1,102,55
WP16 - ActiveX: {D859F3EB-B5F1-47D0-9839-6DF8B311E450} [Expat Shield API Server] C:\PROGRAM FILES (X86)\EXPAT_SHIELD\PRXTBEXPA.DLL 6.4.0.0
WP16 - ActiveX: {DFEAF541-F3E1-4C24-ACAC-99C30715084A} [Microsoft Silverlight] C:\PROGRAM FILES (X86)\MICROSOFT SILVERLIGHT\4.0.60831.0\npctrl.dll 4.0.60831.0
WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\Windows\System32\msxml3.dll 8.110.7601.17514
WP16 - ActiveX: {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] C:\Windows\System32\msxml3.dll 8.110.7601.17514
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\Windows\SysWOW64\wmpdxm.dll 12.0.7601.17514
WP16 - ActiveX: {DFEAF541-F3E1-4c24-ACAC-99C30715084A} [Microsoft Silverlight] C:\PROGRAM FILES (X86)\MICROSOFT SILVERLIGHT\4.0.60831.0\npctrl.dll 4.0.60831.0
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\Windows\System32\hhctrl.ocx 6.1.7600.16385
WP16 - ActiveX: {54CE37E0-9834-41ae-9896-4DAB69DC022B} [Microsoft RDP Client Control (redistributable) - version 5a] C:\Windows\System32\mstscax.dll 6.1.7601.17514
WP16 - ActiveX: {6A6F4B83-45C5-4ca9-BDD9-0D81C12295E4} [Microsoft RDP Client Control (redistributable) - version 4a] C:\Windows\System32\mstscax.dll 6.1.7601.17514
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\Windows\SysWOW64\ieframe.dll 9.00.8112.16421
WP16 - ActiveX: {971127BB-259F-48c2-BD75-5F97A3331551} [Microsoft RDP Client Control (redistributable) - version 3a] C:\Windows\System32\mstscax.dll 6.1.7601.17514
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\Windows\SysWOW64\mshtml.dll 9.00.8112.16421
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll 10.1.2.45
WP16 - ActiveX: {CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} [Deployment Toolkit] C:\Windows\SysWOW64\DEPLOYJAVA1.DLL 6.0.290.11
WP16 - ActiveX: {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [RealPlayer G2 Control] C:\Windows\SysWOW64\rmoc3260.dll 12.0.1.669
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx 11,1,102,55
WP16 - ActiveX: {D27CDB70-AE6D-11cf-96B8-444553540000} [Macromedia Flash Factory Object] C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx 11,1,102,55

WP32 - Hidden File: C:\bootmgr
WP32 - Hidden File: C:\BOOTSECT.BAK
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\Windows\WindowsShell.Manifest
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-security-lsalookup-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-security-sddl-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-service-core-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-service-management-l1-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-service-management-l2-1-0.dll
WP32 - Hidden File: C:\Windows\System32\api-ms-win-service-winsvc-l1-1-0.dll
WP32 - Hidden File: C:\Users\me\AppData\Local\Temp\Cookies\index.dat

WP33 - File Type .AVI: [VLC media file (.avi)]C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file %1
WP33 - File Type .BAT: [Windows Batch File]%1 %*
WP33 - File Type .CAB: [WinRAR archive]C:\Program Files\WinRAR\WinRAR.exe %1
WP33 - File Type .CAT: [Security Catalog]C:\Windows\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\Windows\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows Command Script]%1 %*
WP33 - File Type .EML: [Open Freely]C:\Program Files\Open Freely\OpenFreely.exe %1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\Windows\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\Windows\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Open Freely]C:\Program Files\Open Freely\OpenFreely.exe %1
WP33 - File Type .MID: [VLC media file (.mid)]C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file %1
WP33 - File Type .MP3: [VLC media file (.mp3)]C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file %1
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .RAM: [RealPlayer Presentation]C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Document]C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE %1
WP33 - File Type .SCR: [Screen saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Windows host process (Rundll32)]C:\Windows\System32\rundll32.exe C:\Windows\System32\ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\Windows\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Office Excel 97-2003 Worksheet]C:\Program Files (x86)\Microsoft Office\Office12\xlview.exe %1

Memory currently in use: 54%
Physical Memory Free: 1,737,388 KB
Paging File Free: 4,194,303 KB
Virtual Memory Free: 1,936,276 KB


--
End of file


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 28 March 2012 - 09:51 AM

Hi,


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double-click the DDS file to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#3 elves1111

elves1111
  • Topic Starter

  • Members
  • 47 posts

Posted 29 March 2012 - 02:21 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by me at 13:14:47 on 2012-03-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3764.1257 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: Expat Shield Toolbar: {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Expat Shield Toolbar: {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Expat Shield Toolbar: {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [FileFort] "C:\Program Files (x86)\NCH Software\FileFort\filefort.exe" -logon
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{1E3886D4-759A-44D0-A075-FB46C52A0BAA} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{1E3886D4-759A-44D0-A075-FB46C52A0BAA}\2627F64786562737 : DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{1E3886D4-759A-44D0-A075-FB46C52A0BAA}\D697177756374763732333 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{E7A833EC-CD6F-4EAC-8833-F03013942FF6} : NameServer = 10.198.112.1
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Expat Shield Toolbar: {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
BHO-X64: Expat Shield - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Expat Shield Toolbar: {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [FileFort] "C:\Program Files (x86)\NCH Software\FileFort\filefort.exe" -logon
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\
FF - prefs.js: browser.search.selectedEngine - Google Encrypted: No Personalization
FF - prefs.js: browser.startup.homepage - hxxp://anonymous-proxy-servers.net
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 4001
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 4001
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 4001
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 4001
FF - prefs.js: network.proxy.type - 1
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Expat Shield Helper (Please allow this installation): afurladvisor@anchorfree.com - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: HTTPS-Everywhere: https-everywhere@eff.org - %profile%\extensions\https-everywhere@eff.org
FF - Ext: UnPlug: unplug@compunach - %profile%\extensions\unplug@compunach
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ProfileSwitcher: {fa8476cf-a98c-4e08-99b4-65a69cb4b7d4} - %profile%\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
FF - Ext: Premiumplay Codec-C: crossriderapp435@crossrider.com - C:\ProgramData\CodecCheck\firefox
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [2012-3-13 30592]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-11-17 17152]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 MHIKEY10;MHIKEY10;C:\Windows\system32\Drivers\MHIKEY10x64.sys --> C:\Windows\system32\Drivers\MHIKEY10x64.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys --> C:\Windows\system32\DRIVERS\motport.sys [?]
S3 P0630VID;Creative WebCam Live!;C:\Windows\system32\DRIVERS\P0630Vid.sys --> C:\Windows\system32\DRIVERS\P0630Vid.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\rtl8187.sys --> C:\Windows\system32\DRIVERS\rtl8187.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
.
=============== Created Last 30 ================
.
2012-03-29 02:44:47 1332224 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL
2012-03-28 04:40:03 -------- d-----w- C:\TubeOhm-Pure-PoneV1-6
2012-03-27 20:22:50 93696 ----a-w- C:\Users\me\AppData\Roaming\ezpinst.exe
2012-03-27 20:22:50 82048 ----a-w- C:\Users\me\AppData\Roaming\pcouffin.sys
2012-03-27 20:22:46 -------- d-----w- C:\Program Files (x86)\Media Convert Master
2012-03-26 23:19:04 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-26 23:19:04 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-26 05:18:46 -------- d-----w- C:\Program Files (x86)\XaoS
2012-03-26 02:19:44 -------- d-----w- C:\Users\me\AppData\Roaming\Ultra Fractal 5
2012-03-26 02:19:44 -------- d-----w- C:\Program Files (x86)\Ultra Fractal 5
2012-03-26 02:12:22 -------- d-----w- C:\Program Files (x86)\Sterling Thornton
2012-03-26 02:03:11 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-26 02:02:04 -------- d-----we C:\Windows\system64
2012-03-23 17:39:53 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3249B3A7-13AD-4AAF-BC69-49D1BA852C8F}\mpengine.dll
2012-03-22 18:35:46 -------- d-----w- C:\Users\me\AppData\Roaming\MaskMyIP
2012-03-22 18:35:46 -------- d-----w- C:\ProgramData\MaskMyIP
2012-03-22 18:31:43 -------- d-----w- C:\Program Files (x86)\MaskMyIP
2012-03-19 03:31:04 -------- d-----w- C:\Program Files (x86)\FXpansion
2012-03-19 03:18:22 -------- d-----w- C:\Users\me\AppData\Roaming\FXpansion
2012-03-18 03:15:51 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services
2012-03-18 03:15:42 -------- d-----w- C:\Program Files\Common Files\MAGIX Services
2012-03-18 03:15:34 -------- d-----w- C:\Program Files (x86)\MAGIX
2012-03-17 20:43:11 -------- d-----w- C:\Users\me\AppData\Roaming\DarkWave Studio
2012-03-17 03:51:37 -------- d-----w- C:\Program Files (x86)\ExperimentalScene
2012-03-14 23:02:34 -------- d-----w- C:\Program Files\Camel Audio
2012-03-14 23:02:29 -------- d-----w- C:\ProgramData\Camel Audio
2012-03-14 23:02:29 -------- d-----w- C:\Program Files\VSTPlugins
2012-03-14 21:08:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 21:08:36 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 21:08:36 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 17:13:23 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 17:13:06 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 17:13:06 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 16:50:45 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 16:50:45 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 16:50:45 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 16:50:38 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 16:50:38 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 16:50:38 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 16:50:38 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-14 16:50:38 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 03:10:06 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
2012-03-13 23:41:06 -------- d-----w- C:\Program Files (x86)\HWiNFO32
2012-03-12 23:46:24 -------- dc-h--w- C:\ProgramData\{54FDDA32-BC12-48BF-81E3-818E1F6D319C}
2012-03-12 23:46:24 -------- d-----w- C:\Program Files\Lexicon
2012-03-12 23:45:54 -------- d-----w- C:\Users\me\AppData\Local\PackageAware
2012-03-12 01:40:06 -------- d-----w- C:\Program Files\Steinberg
2012-03-12 01:35:31 -------- d-----w- C:\Program Files (x86)\Common Files\VST3
2012-03-10 06:37:20 -------- d-----w- C:\ProgramData\hssff
2012-03-10 03:33:30 -------- d-----w- C:\Users\me\AppData\Roaming\Cycling '74
2012-03-10 03:30:33 -------- d-----w- C:\Users\me\AppData\Roaming\PACE Anti-Piracy
2012-03-10 03:30:33 -------- d-----w- C:\Users\me\AppData\Local\PACE Anti-Piracy
2012-03-10 03:30:33 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2012-03-10 03:08:19 -------- d-----w- C:\Program Files (x86)\Cycling '74
2012-03-10 03:06:16 -------- d-----w- C:\Program Files (x86)\InterLok
2012-03-09 04:47:15 34304 ----a-w- C:\Windows\System32\DfSdkBt.exe
2012-03-09 04:42:20 -------- d-----w- C:\Users\me\AppData\Roaming\OtakuSoftware
2012-03-08 03:49:46 579504 ----a-w- C:\Windows\SysWow64\Codejock.SkinFramework.Unicode.v13.2.1.ocx
2012-03-08 03:49:46 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
2012-03-08 03:49:46 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2012-03-08 03:49:46 2381744 ----a-w- C:\Windows\SysWow64\Codejock.CommandBars.Unicode.v13.2.1.ocx
2012-03-08 01:13:18 -------- d-----w- C:\Users\me\AppData\Roaming\Ashampoo
2012-03-08 01:12:15 -------- d-----w- C:\Users\me\AppData\Local\ashampoo
2012-03-08 01:12:15 -------- d-----w- C:\ProgramData\ashampoo
2012-03-08 01:11:26 -------- d-----w- C:\Program Files (x86)\Ashampoo
.
==================== Find3M ====================
.
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-20 09:27:27 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-11 04:43:30 167704 ----a-w- C:\Windows\System32\igfxtray.exe
2012-01-11 04:43:28 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-01-11 04:43:26 417560 ----a-w- C:\Windows\System32\igfxpers.exe
2012-01-11 04:43:20 239896 ----a-w- C:\Windows\System32\igfxext.exe
2012-01-11 04:43:08 4379416 ----a-w- C:\Windows\System32\GfxUI.exe
2012-01-11 04:43:08 392984 ----a-w- C:\Windows\System32\hkcmd.exe
2012-01-11 04:43:06 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-01-11 04:37:38 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2622.dll
2012-01-11 04:28:32 8313856 ----a-w- C:\Windows\System32\igdumd64.dll
2012-01-11 04:28:18 12311904 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-01-11 04:27:26 867020 ----a-w- C:\Windows\SysWow64\igkrng575.bin
2012-01-11 04:27:26 867020 ----a-w- C:\Windows\System32\igkrng575.bin
2012-01-11 04:27:26 128204 ----a-w- C:\Windows\SysWow64\igcompkrng575.bin
2012-01-11 04:27:26 128204 ----a-w- C:\Windows\System32\igcompkrng575.bin
2012-01-11 04:27:26 105608 ----a-w- C:\Windows\SysWow64\igfcg575m.bin
2012-01-11 04:27:26 105608 ----a-w- C:\Windows\System32\igfcg575m.bin
2012-01-11 04:18:36 6323712 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-01-11 04:12:26 581120 ----a-w- C:\Windows\SysWow64\igdumdx32.dll
2012-01-11 04:06:22 9528832 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-01-11 03:55:08 7988224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-01-11 03:42:26 18653696 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-01-11 03:29:54 13904384 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-01-11 03:19:58 378368 ----a-w- C:\Windows\System32\igfxTMM.dll
2012-01-11 03:19:52 28672 ----a-w- C:\Windows\System32\igfxexps.dll
2012-01-11 03:19:42 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll
2012-01-11 03:19:14 110080 ----a-w- C:\Windows\System32\hccutils.dll
2012-01-11 03:19:06 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-01-11 03:19:06 390656 ----a-w- C:\Windows\System32\igfxdev.dll
2012-01-11 03:19:06 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-01-11 03:18:36 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-01-11 03:18:32 9014784 ----a-w- C:\Windows\System32\igfxress.dll
2012-01-11 03:18:32 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-01-11 03:15:16 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-01-11 03:14:34 294400 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-01-11 03:12:12 98304 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-01-11 03:12:12 98304 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-01-11 03:12:12 376832 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-01-11 03:12:12 376832 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-01-11 03:12:12 2177536 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-01-11 03:12:12 171520 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-01-11 03:12:12 1663488 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-01-11 03:12:12 148480 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-01-04 23:01:56 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys
2012-01-04 23:01:54 37888 ----a-w- C:\Windows\System32\drivers\taphss.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 13:17:07.33 ===============


#4 Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:12:16 AM

Posted 29 March 2012 - 11:36 PM

Hi,

uTorrent

The above-listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.



Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 elves1111

  • Topic Starter

  • Members
  • 47 posts
  • Local time:04:16 PM

Posted 30 March 2012 - 03:10 PM

Tried to run dds again, but now I can't open any programs or files unless I "run as administrator", which isn't an option on most when right-clicking anymore. When I attempt to, a box with a red X circle pops up saying "illegal operation attempted on a registry key that has been marked for deletion"!!! Was only able to get online by going into the Start menu and opening Opera that way with "run as administrator". Figured I should tell you this. Here's the log.

ComboFix 12-03-30.06 - me 03/30/2012 13:38:41.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3764.2398 [GMT -6:00]
Running from: c:\users\me\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 19:46 . 2012-03-30 19:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-30 19:46 . 2012-03-30 19:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-30 19:46 . 2012-03-30 19:46 -------- d-----w- c:\users\Craig\AppData\Local\temp
2012-03-30 01:15 . 2012-03-30 01:15 406528 ----a-w- c:\windows\SysWow64\ReWire.dll
2012-03-29 02:44 . 2009-10-25 03:15 1332224 ----a-w- c:\windows\SysWow64\SYNSOEMU.DLL
2012-03-28 04:40 . 2012-03-28 04:40 -------- d-----w- C:\TubeOhm-Pure-PoneV1-6
2012-03-27 20:22 . 2012-03-27 20:23 -------- d-----w- c:\users\me\AppData\Roaming\Vso
2012-03-27 20:22 . 2012-03-27 20:22 93696 ----a-w- c:\users\me\AppData\Roaming\ezpinst.exe
2012-03-27 20:22 . 2012-03-27 20:22 82048 ----a-w- c:\users\me\AppData\Roaming\pcouffin.sys
2012-03-27 20:22 . 2012-03-27 20:23 -------- d-----w- c:\program files (x86)\Media Convert Master
2012-03-26 23:19 . 2012-03-26 23:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-26 23:19 . 2012-03-26 23:19 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-26 05:18 . 2012-03-26 05:18 -------- d-----w- c:\program files (x86)\XaoS
2012-03-26 02:19 . 2012-03-26 02:20 -------- d-----w- c:\users\me\AppData\Roaming\Ultra Fractal 5
2012-03-26 02:19 . 2012-03-26 02:19 -------- d-----w- c:\program files (x86)\Ultra Fractal 5
2012-03-26 02:12 . 2012-03-26 02:12 -------- d-----w- c:\program files (x86)\Sterling Thornton
2012-03-23 17:39 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3249B3A7-13AD-4AAF-BC69-49D1BA852C8F}\mpengine.dll
2012-03-22 18:35 . 2012-03-22 18:35 -------- d-----w- c:\users\me\AppData\Roaming\MaskMyIP
2012-03-22 18:35 . 2012-03-22 18:35 -------- d-----w- c:\programdata\MaskMyIP
2012-03-22 18:31 . 2012-03-26 22:34 -------- d-----w- c:\program files (x86)\MaskMyIP
2012-03-19 03:31 . 2012-03-19 03:32 -------- d-----w- c:\program files (x86)\FXpansion
2012-03-19 03:18 . 2012-03-20 02:26 -------- d-----w- c:\users\me\AppData\Roaming\FXpansion
2012-03-18 03:15 . 2012-03-18 03:15 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2012-03-18 03:15 . 2012-03-18 03:15 -------- d-----w- c:\program files\Common Files\MAGIX Services
2012-03-18 03:15 . 2012-03-18 03:15 -------- d-----w- c:\program files (x86)\MAGIX
2012-03-17 20:43 . 2012-03-17 21:44 -------- d-----w- c:\users\me\AppData\Roaming\DarkWave Studio
2012-03-17 03:51 . 2012-03-17 21:44 -------- d-----w- c:\program files (x86)\ExperimentalScene
2012-03-14 23:02 . 2012-03-14 23:02 -------- d-----w- c:\program files\Camel Audio
2012-03-14 23:02 . 2012-03-14 23:02 -------- d-----w- c:\program files\VSTPlugins
2012-03-14 23:02 . 2012-03-14 23:02 -------- d-----w- c:\programdata\Camel Audio
2012-03-14 21:08 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 21:08 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 21:08 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 17:13 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:13 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:13 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 16:50 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 16:50 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 16:50 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 16:50 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 16:50 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 16:50 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 16:50 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 16:50 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 03:10 . 2012-03-14 03:10 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2012-03-13 23:41 . 2012-03-13 23:46 -------- d-----w- c:\program files (x86)\HWiNFO32
2012-03-12 23:46 . 2012-03-12 23:46 -------- dc-h--w- c:\programdata\{54FDDA32-BC12-48BF-81E3-818E1F6D319C}
2012-03-12 23:46 . 2012-03-12 23:46 -------- d-----w- c:\program files\Lexicon
2012-03-12 23:45 . 2012-03-12 23:45 -------- d-----w- c:\users\me\AppData\Local\PackageAware
2012-03-12 01:40 . 2012-03-12 01:40 -------- d-----w- c:\program files\Steinberg
2012-03-12 01:35 . 2012-03-12 01:35 -------- d-----w- c:\program files (x86)\Common Files\VST3
2012-03-10 06:37 . 2012-03-10 06:37 -------- d-----w- c:\programdata\hssff
2012-03-10 03:33 . 2012-03-10 03:33 -------- d-----w- c:\users\me\AppData\Roaming\Cycling '74
2012-03-10 03:30 . 2012-03-10 03:30 -------- d-----w- c:\users\me\AppData\Roaming\PACE Anti-Piracy
2012-03-10 03:30 . 2012-03-10 03:30 -------- d-----w- c:\users\me\AppData\Local\PACE Anti-Piracy
2012-03-10 03:30 . 2012-03-10 03:30 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-03-10 03:08 . 2012-03-10 03:08 -------- d-----w- c:\program files (x86)\Cycling '74
2012-03-10 03:06 . 2012-03-10 03:06 -------- d-----w- c:\program files (x86)\InterLok
2012-03-09 04:47 . 2009-08-25 04:13 34304 ----a-w- c:\windows\system32\DfSdkBt.exe
2012-03-09 04:42 . 2012-03-09 04:42 -------- d-----w- c:\users\me\AppData\Roaming\OtakuSoftware
2012-03-08 03:49 . 2009-10-29 18:34 579504 ----a-w- c:\windows\SysWow64\Codejock.SkinFramework.Unicode.v13.2.1.ocx
2012-03-08 03:49 . 2009-10-29 18:34 2381744 ----a-w- c:\windows\SysWow64\Codejock.CommandBars.Unicode.v13.2.1.ocx
2012-03-08 03:49 . 2002-01-05 18:40 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
2012-03-08 03:49 . 2002-01-05 18:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2012-03-08 01:13 . 2012-03-08 01:13 -------- d-----w- c:\users\me\AppData\Roaming\Ashampoo
2012-03-08 01:12 . 2012-03-08 01:13 -------- d-----w- c:\users\me\AppData\Local\ashampoo
2012-03-08 01:12 . 2012-03-08 01:12 -------- d-----w- c:\programdata\ashampoo
2012-03-08 01:11 . 2012-03-09 04:47 -------- d-----w- c:\program files (x86)\Ashampoo
2012-03-07 02:52 . 2012-03-08 00:14 -------- d-----w- c:\users\me\AppData\Roaming\Media Player Classic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 15:18 . 2011-02-18 01:47 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 09:27 . 2011-06-16 16:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-11 04:43 . 2012-01-11 04:43 167704 ----a-w- c:\windows\system32\igfxtray.exe
2012-01-11 04:43 . 2012-01-11 04:43 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-01-11 04:43 . 2012-01-11 04:43 417560 ----a-w- c:\windows\system32\igfxpers.exe
2012-01-11 04:43 . 2012-01-11 04:43 239896 ----a-w- c:\windows\system32\igfxext.exe
2012-01-11 04:43 . 2012-01-11 04:43 4379416 ----a-w- c:\windows\system32\GfxUI.exe
2012-01-11 04:43 . 2012-01-11 04:43 392984 ----a-w- c:\windows\system32\hkcmd.exe
2012-01-11 04:43 . 2012-01-11 04:43 184600 ----a-w- c:\windows\system32\difx64.exe
2012-01-11 04:37 . 2012-01-11 04:37 90112 ----a-w- c:\windows\system32\igfxCoIn_v2622.dll
2012-01-11 04:28 . 2012-01-11 04:28 8313856 ----a-w- c:\windows\system32\igdumd64.dll
2012-01-11 04:28 . 2012-01-11 04:28 12311904 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-01-11 04:27 . 2012-01-11 04:27 867020 ----a-w- c:\windows\system32\igkrng575.bin
2012-01-11 04:27 . 2012-01-11 04:27 128204 ----a-w- c:\windows\system32\igcompkrng575.bin
2012-01-11 04:27 . 2012-01-11 04:27 105608 ----a-w- c:\windows\system32\igfcg575m.bin
2012-01-11 04:18 . 2011-08-31 18:47 6323712 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-01-11 04:12 . 2011-08-31 18:45 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-01-11 04:06 . 2012-01-11 04:06 9528832 ----a-w- c:\windows\system32\igd10umd64.dll
2012-01-11 03:55 . 2012-01-11 03:55 7988224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-01-11 03:42 . 2012-01-11 03:42 18653696 ----a-w- c:\windows\system32\ig4icd64.dll
2012-01-11 03:29 . 2012-01-11 03:29 13904384 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-01-11 03:20 . 2012-01-11 03:20 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-01-11 03:20 . 2012-01-11 03:20 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-01-11 03:20 . 2012-01-11 03:20 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-01-11 03:20 . 2012-01-11 03:20 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-01-11 03:20 . 2012-01-11 03:20 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-01-11 03:20 . 2012-01-11 03:20 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-01-11 03:20 . 2012-01-11 03:20 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-01-11 03:20 . 2012-01-11 03:20 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-01-11 03:20 . 2012-01-11 03:20 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2012-01-11 03:20 . 2012-01-11 03:20 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-01-11 03:20 . 2012-01-11 03:20 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-01-11 03:20 . 2012-01-11 03:20 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-01-11 03:20 . 2012-01-11 03:20 375808 ----a-w- c:\windows\system32\igfxpph.dll
2012-01-11 03:19 . 2012-01-11 03:19 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2012-01-11 03:19 . 2012-01-11 03:19 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-01-11 03:19 . 2010-08-26 02:04 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-01-11 03:19 . 2010-08-26 02:04 110080 ----a-w- c:\windows\system32\hccutils.dll
2012-01-11 03:19 . 2012-01-11 03:19 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-01-11 03:19 . 2012-01-11 03:19 390656 ----a-w- c:\windows\system32\igfxdev.dll
2012-01-11 03:19 . 2012-01-11 03:19 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-01-11 03:18 . 2012-01-11 03:18 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-01-11 03:18 . 2012-01-11 03:18 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-01-11 03:18 . 2010-08-26 02:03 9014784 ----a-w- c:\windows\system32\igfxress.dll
2012-01-11 03:15 . 2012-01-11 03:15 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-01-11 03:14 . 2012-01-11 03:14 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-01-11 03:12 . 2012-01-11 03:12 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-01-11 03:12 . 2012-01-11 03:12 98304 ----a-w- c:\windows\system32\iglhcp64.dll
2012-01-11 03:12 . 2012-01-11 03:12 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-01-11 03:12 . 2012-01-11 03:12 376832 ----a-w- c:\windows\system32\iglhsip64.dll
2012-01-11 03:12 . 2012-01-11 03:12 2177536 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-01-11 03:12 . 2012-01-11 03:12 171520 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-01-11 03:12 . 2012-01-11 03:12 1663488 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-01-11 03:12 . 2012-01-11 03:12 148480 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-01-04 23:01 . 2012-01-04 23:01 56832 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-01-04 23:01 . 2012-01-04 23:01 37888 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-01-04 10:44 . 2012-02-16 20:40 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 20:40 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 233288 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a060276a-53be-45ec-8ebe-b94b1e803179}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Expat_Shield\prxtbExpa.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{a060276a-53be-45ec-8ebe-b94b1e803179}"= "c:\program files (x86)\Expat_Shield\prxtbExpa.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a060276a-53be-45ec-8ebe-b94b1e803179}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"FileFort"="c:\program files (x86)\NCH Software\FileFort\filefort.exe" [2011-11-15 1010180]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05 136176]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2012-01-17 77520]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05 136176]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-29 2152152]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2012-02-07 30592]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe [2009-08-25 544768]
S2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [2012-01-17 331608]
S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-01-04 363336]
S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe [2012-01-04 329544]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-23 2320920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05 06:42]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05 06:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"combofix"="c:\combofix\CF2191.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NWSIPX32
clisvc
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{E7A833EC-CD6F-4EAC-8833-F03013942FF6}: NameServer = 10.204.8.1
FF - ProfilePath - c:\users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\
FF - prefs.js: browser.search.selectedEngine - Google Encrypted: No Personalization
FF - prefs.js: browser.startup.homepage - hxxp://anonymous-proxy-servers.net
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 4001
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 4001
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 4001
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 4001
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Expat Shield Helper (Please allow this installation): afurladvisor@anchorfree.com - c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: HTTPS-Everywhere: https-everywhere@eff.org - %profile%\extensions\https-everywhere@eff.org
FF - Ext: UnPlug: unplug@compunach - %profile%\extensions\unplug@compunach
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ProfileSwitcher: {fa8476cf-a98c-4e08-99b4-65a69cb4b7d4} - %profile%\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
FF - Ext: Premiumplay Codec-C: crossriderapp435@crossrider.com - c:\programdata\CodecCheck\firefox
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{A060276A-53BE-45EC-8EBE-B94B1E803179} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2692136488-3694835900-3377112843-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{721C4669-F979-1241-B64D-8C812ED46A08}*]
"abckccgcnldphdoiibmcnnoopimoagcehm"=hex:69,61,6f,6e,6e,64,69,6c,6b,67,64,6f,
66,63,62,6c,61,6f,00,03
"bbikafddphofjcdlenlghkkfbidfhjmiajnc"=hex:69,61,6f,6e,6e,64,69,6c,6b,67,64,6f,
66,63,62,6c,61,6f,00,80
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
.
**************************************************************************
.
Completion time: 2012-03-30 13:55:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-30 19:55
ComboFix2.txt 2011-11-18 21:29
.
Pre-Run: 202,122,301,440 bytes free
Post-Run: 202,201,804,800 bytes free
.
- - End Of File - - 283F12B3F01433C63AFC0E4C929E3BFF

#6 elves1111


Posted 30 March 2012 - 03:13 PM

Now my PC is pausing about every ten seconds for a few seconds, about every couple of words I am typing or so. It's intermittent, though. Sorry to post again, but I am concerned now.

#7 elves1111


Posted 30 March 2012 - 04:17 PM

Rebooted and all is well. Sorry for the false alarm! Here are the DDS logs.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by me at 15:12:05 on 2012-03-30
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3764.2813 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe
C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\sysWOW64\svchost.exe -k netsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\NCH Software\FileFort\filefort.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: Expat Shield Toolbar: {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Expat Shield Toolbar: {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Expat Shield Toolbar: {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [FileFort] "C:\Program Files (x86)\NCH Software\FileFort\filefort.exe" -logon
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{1E3886D4-759A-44D0-A075-FB46C52A0BAA} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{1E3886D4-759A-44D0-A075-FB46C52A0BAA}\2627F64786562737 : DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{1E3886D4-759A-44D0-A075-FB46C52A0BAA}\D697177756374763732333 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{E7A833EC-CD6F-4EAC-8833-F03013942FF6} : NameServer = 10.204.8.1
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Expat Shield Toolbar: {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
BHO-X64: Expat Shield - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Expat Shield Toolbar: {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [FileFort] "C:\Program Files (x86)\NCH Software\FileFort\filefort.exe" -logon
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\
FF - prefs.js: browser.search.selectedEngine - Google Encrypted: No Personalization
FF - prefs.js: browser.startup.homepage - hxxp://anonymous-proxy-servers.net
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 4001
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 4001
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 4001
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 4001
FF - prefs.js: network.proxy.type - 1
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Expat Shield Helper (Please allow this installation): afurladvisor@anchorfree.com - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: HTTPS-Everywhere: https-everywhere@eff.org - %profile%\extensions\https-everywhere@eff.org
FF - Ext: UnPlug: unplug@compunach - %profile%\extensions\unplug@compunach
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ProfileSwitcher: {fa8476cf-a98c-4e08-99b4-65a69cb4b7d4} - %profile%\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
FF - Ext: Premiumplay Codec-C: crossriderapp435@crossrider.com - C:\ProgramData\CodecCheck\firefox
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [2012-3-13 30592]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfSdkS64.exe [2012-3-8 544768]
R2 ExpatShieldService;Expat Shield Service;C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [2012-1-17 331608]
R2 ExpatSrv;Expat Shield Routing Service;C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-1-4 363336]
R2 ExpatWd;Expat Shield Monitoring Service;C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat --> C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat [?]
R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-26 1153368]
R2 SPService;SPService;C:\Windows\sysWOW64\svchost.exe -k netsvc --> C:\Windows\sysWOW64\svchost.exe -k netsvc [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-5 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-14 652360]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-17 2320920]
S3 ExpatTrayService;Expat Shield Tray Service;C:\Program Files (x86)\Expat Shield\bin\EXPATTrayService.exe [2012-1-17 77520]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-5 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MHIKEY10;MHIKEY10;C:\Windows\system32\Drivers\MHIKEY10x64.sys --> C:\Windows\system32\Drivers\MHIKEY10x64.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys --> C:\Windows\system32\DRIVERS\motport.sys [?]
S3 P0630VID;Creative WebCam Live!;C:\Windows\system32\DRIVERS\P0630Vid.sys --> C:\Windows\system32\DRIVERS\P0630Vid.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\rtl8187.sys --> C:\Windows\system32\DRIVERS\rtl8187.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-30 20:03:01 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-30 19:35:44 98816 ----a-w- C:\Windows\sed.exe
2012-03-30 19:35:44 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-30 19:35:44 256000 ----a-w- C:\Windows\PEV.exe
2012-03-30 19:35:44 208896 ----a-w- C:\Windows\MBR.exe
2012-03-30 01:15:38 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll
2012-03-29 02:44:47 1332224 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL
2012-03-28 04:40:03 -------- d-----w- C:\TubeOhm-Pure-PoneV1-6
2012-03-27 20:22:50 93696 ----a-w- C:\Users\me\AppData\Roaming\ezpinst.exe
2012-03-27 20:22:50 82048 ----a-w- C:\Users\me\AppData\Roaming\pcouffin.sys
2012-03-27 20:22:46 -------- d-----w- C:\Program Files (x86)\Media Convert Master
2012-03-26 23:19:04 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-26 23:19:04 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-26 05:18:46 -------- d-----w- C:\Program Files (x86)\XaoS
2012-03-26 02:19:44 -------- d-----w- C:\Users\me\AppData\Roaming\Ultra Fractal 5
2012-03-26 02:19:44 -------- d-----w- C:\Program Files (x86)\Ultra Fractal 5
2012-03-26 02:12:22 -------- d-----w- C:\Program Files (x86)\Sterling Thornton
2012-03-23 17:39:53 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3249B3A7-13AD-4AAF-BC69-49D1BA852C8F}\mpengine.dll
2012-03-22 18:35:46 -------- d-----w- C:\Users\me\AppData\Roaming\MaskMyIP
2012-03-22 18:35:46 -------- d-----w- C:\ProgramData\MaskMyIP
2012-03-22 18:31:43 -------- d-----w- C:\Program Files (x86)\MaskMyIP
2012-03-19 03:31:04 -------- d-----w- C:\Program Files (x86)\FXpansion
2012-03-19 03:18:22 -------- d-----w- C:\Users\me\AppData\Roaming\FXpansion
2012-03-18 03:15:51 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services
2012-03-18 03:15:42 -------- d-----w- C:\Program Files\Common Files\MAGIX Services
2012-03-18 03:15:34 -------- d-----w- C:\Program Files (x86)\MAGIX
2012-03-17 20:43:11 -------- d-----w- C:\Users\me\AppData\Roaming\DarkWave Studio
2012-03-17 03:51:37 -------- d-----w- C:\Program Files (x86)\ExperimentalScene
2012-03-14 23:02:34 -------- d-----w- C:\Program Files\Camel Audio
2012-03-14 23:02:29 -------- d-----w- C:\ProgramData\Camel Audio
2012-03-14 23:02:29 -------- d-----w- C:\Program Files\VSTPlugins
2012-03-14 21:08:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 21:08:36 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 21:08:36 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 17:13:23 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 17:13:06 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 17:13:06 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 16:50:45 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 16:50:45 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 16:50:45 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 16:50:38 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 16:50:38 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 16:50:38 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 16:50:38 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-14 16:50:38 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 03:10:06 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
2012-03-13 23:41:06 -------- d-----w- C:\Program Files (x86)\HWiNFO32
2012-03-12 23:46:24 -------- dc-h--w- C:\ProgramData\{54FDDA32-BC12-48BF-81E3-818E1F6D319C}
2012-03-12 23:46:24 -------- d-----w- C:\Program Files\Lexicon
2012-03-12 23:45:54 -------- d-----w- C:\Users\me\AppData\Local\PackageAware
2012-03-12 01:40:06 -------- d-----w- C:\Program Files\Steinberg
2012-03-12 01:35:31 -------- d-----w- C:\Program Files (x86)\Common Files\VST3
2012-03-10 06:37:20 -------- d-----w- C:\ProgramData\hssff
2012-03-10 03:33:30 -------- d-----w- C:\Users\me\AppData\Roaming\Cycling '74
2012-03-10 03:30:33 -------- d-----w- C:\Users\me\AppData\Roaming\PACE Anti-Piracy
2012-03-10 03:30:33 -------- d-----w- C:\Users\me\AppData\Local\PACE Anti-Piracy
2012-03-10 03:30:33 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2012-03-10 03:08:19 -------- d-----w- C:\Program Files (x86)\Cycling '74
2012-03-10 03:06:16 -------- d-----w- C:\Program Files (x86)\InterLok
2012-03-09 04:47:15 34304 ----a-w- C:\Windows\System32\DfSdkBt.exe
2012-03-09 04:42:20 -------- d-----w- C:\Users\me\AppData\Roaming\OtakuSoftware
2012-03-08 03:49:46 579504 ----a-w- C:\Windows\SysWow64\Codejock.SkinFramework.Unicode.v13.2.1.ocx
2012-03-08 03:49:46 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
2012-03-08 03:49:46 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2012-03-08 03:49:46 2381744 ----a-w- C:\Windows\SysWow64\Codejock.CommandBars.Unicode.v13.2.1.ocx
2012-03-08 01:13:18 -------- d-----w- C:\Users\me\AppData\Roaming\Ashampoo
2012-03-08 01:12:15 -------- d-----w- C:\Users\me\AppData\Local\ashampoo
2012-03-08 01:12:15 -------- d-----w- C:\ProgramData\ashampoo
2012-03-08 01:11:26 -------- d-----w- C:\Program Files (x86)\Ashampoo
.
==================== Find3M ====================
.
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-20 09:27:27 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-11 04:43:30 167704 ----a-w- C:\Windows\System32\igfxtray.exe
2012-01-11 04:43:28 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-01-11 04:43:26 417560 ----a-w- C:\Windows\System32\igfxpers.exe
2012-01-11 04:43:20 239896 ----a-w- C:\Windows\System32\igfxext.exe
2012-01-11 04:43:08 4379416 ----a-w- C:\Windows\System32\GfxUI.exe
2012-01-11 04:43:08 392984 ----a-w- C:\Windows\System32\hkcmd.exe
2012-01-11 04:43:06 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-01-11 04:37:38 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2622.dll
2012-01-11 04:28:32 8313856 ----a-w- C:\Windows\System32\igdumd64.dll
2012-01-11 04:28:18 12311904 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-01-11 04:27:26 867020 ----a-w- C:\Windows\SysWow64\igkrng575.bin
2012-01-11 04:27:26 867020 ----a-w- C:\Windows\System32\igkrng575.bin
2012-01-11 04:27:26 128204 ----a-w- C:\Windows\SysWow64\igcompkrng575.bin
2012-01-11 04:27:26 128204 ----a-w- C:\Windows\System32\igcompkrng575.bin
2012-01-11 04:27:26 105608 ----a-w- C:\Windows\SysWow64\igfcg575m.bin
2012-01-11 04:27:26 105608 ----a-w- C:\Windows\System32\igfcg575m.bin
2012-01-11 04:18:36 6323712 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-01-11 04:12:26 581120 ----a-w- C:\Windows\SysWow64\igdumdx32.dll
2012-01-11 04:06:22 9528832 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-01-11 03:55:08 7988224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-01-11 03:42:26 18653696 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-01-11 03:29:54 13904384 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-01-11 03:19:58 378368 ----a-w- C:\Windows\System32\igfxTMM.dll
2012-01-11 03:19:52 28672 ----a-w- C:\Windows\System32\igfxexps.dll
2012-01-11 03:19:42 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll
2012-01-11 03:19:14 110080 ----a-w- C:\Windows\System32\hccutils.dll
2012-01-11 03:19:06 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-01-11 03:19:06 390656 ----a-w- C:\Windows\System32\igfxdev.dll
2012-01-11 03:19:06 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-01-11 03:18:36 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-01-11 03:18:32 9014784 ----a-w- C:\Windows\System32\igfxress.dll
2012-01-11 03:18:32 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-01-11 03:15:16 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-01-11 03:14:34 294400 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-01-11 03:12:12 98304 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-01-11 03:12:12 98304 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-01-11 03:12:12 376832 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-01-11 03:12:12 376832 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-01-11 03:12:12 2177536 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-01-11 03:12:12 171520 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-01-11 03:12:12 1663488 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-01-11 03:12:12 148480 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-01-04 23:01:56 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys
2012-01-04 23:01:54 37888 ----a-w- C:\Windows\System32\drivers\taphss.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 15:14:04.14 ===============




#8 Blade81

  • Malware Response Team
  • Location:Finland

Posted 31 March 2012 - 03:55 AM

Hi again,

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu, select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer


Disable WinPatrol's realtime protection.
  • Right-click the running icon of WinPatrol in the system tray
  • Choose exit. It will automatically restart at next boot.



Open notepad and copy/paste the text in the quotebox below into it:

NetSvc::
NWSIPX32
clisvc
RegNull::
[HKEY_USERS\S-1-5-21-2692136488-3694835900-3377112843-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{721C4669-F979-1241-B64D-8C812ED46A08}*]


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...


Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 7 Update 3.
  • Click the Download button under JRE.
  • Check the box that says: Accept License Agreement.
  • Click on the jre-7u3-windows-i586.exe link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586.exe to install the newest version.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#9 elves1111

  • Topic Starter
  • Members

Posted 31 March 2012 - 08:28 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by me at 19:16:22 on 2012-03-31
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3764.1689 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: Expat Shield Toolbar: {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Expat Shield Toolbar: {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Expat Shield Toolbar: {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [FileFort] "C:\Program Files (x86)\NCH Software\FileFort\filefort.exe" -logon
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{1E3886D4-759A-44D0-A075-FB46C52A0BAA} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{1E3886D4-759A-44D0-A075-FB46C52A0BAA}\2627F64786562737 : DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{1E3886D4-759A-44D0-A075-FB46C52A0BAA}\D697177756374763732333 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{E7A833EC-CD6F-4EAC-8833-F03013942FF6} : NameServer = 10.204.8.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Expat Shield Toolbar: {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
BHO-X64: Expat Shield - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Expat Shield Toolbar: {a060276a-53be-45ec-8ebe-b94b1e803179} - C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [FileFort] "C:\Program Files (x86)\NCH Software\FileFort\filefort.exe" -logon
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\
FF - prefs.js: browser.search.selectedEngine - Google Encrypted: No Personalization
FF - prefs.js: browser.startup.homepage - hxxp://anonymous-proxy-servers.net
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 4001
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 4001
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 4001
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 4001
FF - prefs.js: network.proxy.type - 1
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Expat Shield Helper (Please allow this installation): afurladvisor@anchorfree.com - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: HTTPS-Everywhere: https-everywhere@eff.org - %profile%\extensions\https-everywhere@eff.org
FF - Ext: UnPlug: unplug@compunach - %profile%\extensions\unplug@compunach
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ProfileSwitcher: {fa8476cf-a98c-4e08-99b4-65a69cb4b7d4} - %profile%\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
FF - Ext: Premiumplay Codec-C: crossriderapp435@crossrider.com - C:\ProgramData\CodecCheck\firefox
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [2012-3-13 30592]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfSdkS64.exe [2012-3-8 544768]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 ExpatShieldService;Expat Shield Service;C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [2012-1-17 331608]
R2 ExpatSrv;Expat Shield Routing Service;C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-1-4 363336]
R2 ExpatWd;Expat Shield Monitoring Service;C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat --> C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat [?]
R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-14 652360]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-26 1153368]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-17 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-5 136176]
S3 ExpatTrayService;Expat Shield Tray Service;C:\Program Files (x86)\Expat Shield\bin\EXPATTrayService.exe [2012-1-17 77520]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-5 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
S3 MHIKEY10;MHIKEY10;C:\Windows\system32\Drivers\MHIKEY10x64.sys --> C:\Windows\system32\Drivers\MHIKEY10x64.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys --> C:\Windows\system32\DRIVERS\motport.sys [?]
S3 P0630VID;Creative WebCam Live!;C:\Windows\system32\DRIVERS\P0630Vid.sys --> C:\Windows\system32\DRIVERS\P0630Vid.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\rtl8187.sys --> C:\Windows\system32\DRIVERS\rtl8187.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-31 21:07:24 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-03-31 21:07:24 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-31 21:03:18 -------- d-----w- C:\Users\me\AppData\Roaming\ESET
2012-03-31 21:03:18 -------- d-----w- C:\Users\me\AppData\Local\ESET
2012-03-31 20:53:55 -------- d-----w- C:\Program Files\ESET
2012-03-31 20:11:32 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90E6595E-01AC-4987-8B7C-3782707D1EC8}\offreg.dll
2012-03-31 16:56:52 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90E6595E-01AC-4987-8B7C-3782707D1EC8}\mpengine.dll
2012-03-30 21:48:21 65602 ----a-w- C:\Windows\SysWow64\cook3260.dll
2012-03-30 21:48:21 626688 ----a-w- C:\Windows\SysWow64\vp7vfw.dll
2012-03-30 21:48:21 217127 ----a-w- C:\Windows\SysWow64\drv43260.dll
2012-03-30 21:48:21 208935 ----a-w- C:\Windows\SysWow64\drv33260.dll
2012-03-30 21:48:21 176165 ----a-w- C:\Windows\SysWow64\drv23260.dll
2012-03-30 21:48:21 1184984 ----a-w- C:\Windows\SysWow64\wvc1dmod.dll
2012-03-30 21:48:21 102439 ----a-w- C:\Windows\SysWow64\sipr3260.dll
2012-03-30 21:48:19 -------- d-----w- C:\Program Files (x86)\VSO
2012-03-30 19:35:44 98816 ----a-w- C:\Windows\sed.exe
2012-03-30 19:35:44 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-30 19:35:44 256000 ----a-w- C:\Windows\PEV.exe
2012-03-30 19:35:44 208896 ----a-w- C:\Windows\MBR.exe
2012-03-30 01:15:38 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll
2012-03-29 02:44:47 1332224 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL
2012-03-28 04:40:03 -------- d-----w- C:\TubeOhm-Pure-PoneV1-6
2012-03-27 20:22:50 93696 ----a-w- C:\Users\me\AppData\Roaming\ezpinst.exe
2012-03-27 20:22:50 82048 ----a-w- C:\Users\me\AppData\Roaming\pcouffin.sys
2012-03-27 20:22:46 -------- d-----w- C:\Program Files (x86)\Media Convert Master
2012-03-26 23:19:04 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-26 23:19:04 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-26 05:18:46 -------- d-----w- C:\Program Files (x86)\XaoS
2012-03-26 02:19:44 -------- d-----w- C:\Users\me\AppData\Roaming\Ultra Fractal 5
2012-03-26 02:19:44 -------- d-----w- C:\Program Files (x86)\Ultra Fractal 5
2012-03-26 02:12:22 -------- d-----w- C:\Program Files (x86)\Sterling Thornton
2012-03-22 18:35:46 -------- d-----w- C:\Users\me\AppData\Roaming\MaskMyIP
2012-03-22 18:35:46 -------- d-----w- C:\ProgramData\MaskMyIP
2012-03-22 18:31:43 -------- d-----w- C:\Program Files (x86)\MaskMyIP
2012-03-19 03:31:04 -------- d-----w- C:\Program Files (x86)\FXpansion
2012-03-19 03:18:22 -------- d-----w- C:\Users\me\AppData\Roaming\FXpansion
2012-03-18 03:15:51 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services
2012-03-18 03:15:42 -------- d-----w- C:\Program Files\Common Files\MAGIX Services
2012-03-18 03:15:34 -------- d-----w- C:\Program Files (x86)\MAGIX
2012-03-17 20:43:11 -------- d-----w- C:\Users\me\AppData\Roaming\DarkWave Studio
2012-03-17 03:51:37 -------- d-----w- C:\Program Files (x86)\ExperimentalScene
2012-03-14 23:02:34 -------- d-----w- C:\Program Files\Camel Audio
2012-03-14 23:02:29 -------- d-----w- C:\ProgramData\Camel Audio
2012-03-14 23:02:29 -------- d-----w- C:\Program Files\VSTPlugins
2012-03-14 21:08:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 21:08:36 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 21:08:36 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 17:13:23 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 17:13:06 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 17:13:06 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 16:50:45 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 16:50:45 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 16:50:45 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 16:50:38 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 16:50:38 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 16:50:38 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 16:50:38 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-14 16:50:38 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 03:10:06 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
2012-03-13 23:41:06 -------- d-----w- C:\Program Files (x86)\HWiNFO32
2012-03-12 23:46:24 -------- dc-h--w- C:\ProgramData\{54FDDA32-BC12-48BF-81E3-818E1F6D319C}
2012-03-12 23:46:24 -------- d-----w- C:\Program Files\Lexicon
2012-03-12 23:45:54 -------- d-----w- C:\Users\me\AppData\Local\PackageAware
2012-03-12 01:40:06 -------- d-----w- C:\Program Files\Steinberg
2012-03-12 01:35:31 -------- d-----w- C:\Program Files (x86)\Common Files\VST3
2012-03-10 06:37:20 -------- d-----w- C:\ProgramData\hssff
2012-03-10 03:33:30 -------- d-----w- C:\Users\me\AppData\Roaming\Cycling '74
2012-03-10 03:30:33 -------- d-----w- C:\Users\me\AppData\Roaming\PACE Anti-Piracy
2012-03-10 03:30:33 -------- d-----w- C:\Users\me\AppData\Local\PACE Anti-Piracy
2012-03-10 03:30:33 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2012-03-10 03:08:19 -------- d-----w- C:\Program Files (x86)\Cycling '74
2012-03-10 03:06:16 -------- d-----w- C:\Program Files (x86)\InterLok
2012-03-09 04:47:15 34304 ----a-w- C:\Windows\System32\DfSdkBt.exe
2012-03-09 04:42:20 -------- d-----w- C:\Users\me\AppData\Roaming\OtakuSoftware
2012-03-08 03:49:46 579504 ----a-w- C:\Windows\SysWow64\Codejock.SkinFramework.Unicode.v13.2.1.ocx
2012-03-08 03:49:46 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
2012-03-08 03:49:46 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2012-03-08 03:49:46 2381744 ----a-w- C:\Windows\SysWow64\Codejock.CommandBars.Unicode.v13.2.1.ocx
2012-03-08 01:13:18 -------- d-----w- C:\Users\me\AppData\Roaming\Ashampoo
2012-03-08 01:12:15 -------- d-----w- C:\Users\me\AppData\Local\ashampoo
2012-03-08 01:12:15 -------- d-----w- C:\ProgramData\ashampoo
2012-03-08 01:11:26 -------- d-----w- C:\Program Files (x86)\Ashampoo
.
==================== Find3M ====================
.
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-20 09:27:27 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-11 04:43:30 167704 ----a-w- C:\Windows\System32\igfxtray.exe
2012-01-11 04:43:28 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-01-11 04:43:26 417560 ----a-w- C:\Windows\System32\igfxpers.exe
2012-01-11 04:43:20 239896 ----a-w- C:\Windows\System32\igfxext.exe
2012-01-11 04:43:08 4379416 ----a-w- C:\Windows\System32\GfxUI.exe
2012-01-11 04:43:08 392984 ----a-w- C:\Windows\System32\hkcmd.exe
2012-01-11 04:43:06 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-01-11 04:37:38 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2622.dll
2012-01-11 04:28:32 8313856 ----a-w- C:\Windows\System32\igdumd64.dll
2012-01-11 04:28:18 12311904 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-01-11 04:27:26 867020 ----a-w- C:\Windows\SysWow64\igkrng575.bin
2012-01-11 04:27:26 867020 ----a-w- C:\Windows\System32\igkrng575.bin
2012-01-11 04:27:26 128204 ----a-w- C:\Windows\SysWow64\igcompkrng575.bin
2012-01-11 04:27:26 128204 ----a-w- C:\Windows\System32\igcompkrng575.bin
2012-01-11 04:27:26 105608 ----a-w- C:\Windows\SysWow64\igfcg575m.bin
2012-01-11 04:27:26 105608 ----a-w- C:\Windows\System32\igfcg575m.bin
2012-01-11 04:18:36 6323712 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-01-11 04:12:26 581120 ----a-w- C:\Windows\SysWow64\igdumdx32.dll
2012-01-11 04:06:22 9528832 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-01-11 03:55:08 7988224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-01-11 03:42:26 18653696 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-01-11 03:29:54 13904384 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-01-11 03:19:58 378368 ----a-w- C:\Windows\System32\igfxTMM.dll
2012-01-11 03:19:52 28672 ----a-w- C:\Windows\System32\igfxexps.dll
2012-01-11 03:19:42 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll
2012-01-11 03:19:14 110080 ----a-w- C:\Windows\System32\hccutils.dll
2012-01-11 03:19:06 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-01-11 03:19:06 390656 ----a-w- C:\Windows\System32\igfxdev.dll
2012-01-11 03:19:06 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-01-11 03:18:36 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-01-11 03:18:32 9014784 ----a-w- C:\Windows\System32\igfxress.dll
2012-01-11 03:18:32 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-01-11 03:15:16 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-01-11 03:14:34 294400 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-01-11 03:12:12 98304 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-01-11 03:12:12 98304 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-01-11 03:12:12 376832 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-01-11 03:12:12 376832 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-01-11 03:12:12 2177536 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-01-11 03:12:12 171520 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-01-11 03:12:12 1663488 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-01-11 03:12:12 148480 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-01-04 23:01:56 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys
2012-01-04 23:01:54 37888 ----a-w- C:\Windows\System32\drivers\taphss.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 19:17:03.24 ===============

ComboFix 12-03-30.06 - me 03/31/2012 15:19:44.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3764.2697 [GMT -6:00]
Running from: c:\users\me\Desktop\ComboFix.exe
Command switches used :: c:\users\me\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\SysWow64\config\systemprofile\appdata\roaming\adobe\sp.Dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
.
.
2012-03-31 21:29 . 2012-03-31 21:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-31 21:29 . 2012-03-31 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-31 21:29 . 2012-03-31 21:29 -------- d-----w- c:\users\Craig\AppData\Local\temp
2012-03-31 21:07 . 2012-03-31 21:07 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-31 21:07 . 2012-03-31 21:07 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-31 21:07 . 2012-03-31 21:07 -------- d-----w- c:\program files\Java
2012-03-31 21:03 . 2012-03-31 21:03 -------- d-----w- c:\users\me\AppData\Local\ESET
2012-03-31 20:53 . 2012-03-31 20:53 -------- d-----w- c:\program files\ESET
2012-03-31 20:11 . 2012-03-31 20:11 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90E6595E-01AC-4987-8B7C-3782707D1EC8}\offreg.dll
2012-03-31 16:56 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90E6595E-01AC-4987-8B7C-3782707D1EC8}\mpengine.dll
2012-03-30 21:48 . 2009-09-02 19:44 65602 ----a-w- c:\windows\SysWow64\cook3260.dll
2012-03-30 21:48 . 2009-09-02 19:44 626688 ----a-w- c:\windows\SysWow64\vp7vfw.dll
2012-03-30 21:48 . 2009-09-02 19:44 217127 ----a-w- c:\windows\SysWow64\drv43260.dll
2012-03-30 21:48 . 2009-09-02 19:44 208935 ----a-w- c:\windows\SysWow64\drv33260.dll
2012-03-30 21:48 . 2009-09-02 19:44 176165 ----a-w- c:\windows\SysWow64\drv23260.dll
2012-03-30 21:48 . 2009-09-02 19:44 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll
2012-03-30 21:48 . 2009-09-02 19:44 102439 ----a-w- c:\windows\SysWow64\sipr3260.dll
2012-03-30 21:48 . 2012-03-30 21:48 -------- d-----w- c:\program files (x86)\VSO
2012-03-30 01:15 . 2012-03-30 01:15 406528 ----a-w- c:\windows\SysWow64\ReWire.dll
2012-03-29 02:44 . 2009-10-25 03:15 1332224 ----a-w- c:\windows\SysWow64\SYNSOEMU.DLL
2012-03-28 04:40 . 2012-03-28 04:40 -------- d-----w- C:\TubeOhm-Pure-PoneV1-6
2012-03-27 20:22 . 2012-03-27 20:23 -------- d-----w- c:\users\me\AppData\Roaming\Vso
2012-03-27 20:22 . 2012-03-27 20:22 93696 ----a-w- c:\users\me\AppData\Roaming\ezpinst.exe
2012-03-27 20:22 . 2012-03-27 20:22 82048 ----a-w- c:\users\me\AppData\Roaming\pcouffin.sys
2012-03-27 20:22 . 2012-03-27 20:23 -------- d-----w- c:\program files (x86)\Media Convert Master
2012-03-26 23:19 . 2012-03-26 23:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-26 23:19 . 2012-03-26 23:19 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-26 05:18 . 2012-03-26 05:18 -------- d-----w- c:\program files (x86)\XaoS
2012-03-26 02:19 . 2012-03-26 02:20 -------- d-----w- c:\users\me\AppData\Roaming\Ultra Fractal 5
2012-03-26 02:19 . 2012-03-26 02:19 -------- d-----w- c:\program files (x86)\Ultra Fractal 5
2012-03-26 02:12 . 2012-03-26 02:12 -------- d-----w- c:\program files (x86)\Sterling Thornton
2012-03-22 18:35 . 2012-03-22 18:35 -------- d-----w- c:\users\me\AppData\Roaming\MaskMyIP
2012-03-22 18:35 . 2012-03-22 18:35 -------- d-----w- c:\programdata\MaskMyIP
2012-03-22 18:31 . 2012-03-26 22:34 -------- d-----w- c:\program files (x86)\MaskMyIP
2012-03-19 03:31 . 2012-03-19 03:32 -------- d-----w- c:\program files (x86)\FXpansion
2012-03-19 03:18 . 2012-03-20 02:26 -------- d-----w- c:\users\me\AppData\Roaming\FXpansion
2012-03-18 03:15 . 2012-03-18 03:15 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2012-03-18 03:15 . 2012-03-18 03:15 -------- d-----w- c:\program files\Common Files\MAGIX Services
2012-03-18 03:15 . 2012-03-18 03:15 -------- d-----w- c:\program files (x86)\MAGIX
2012-03-17 20:43 . 2012-03-17 21:44 -------- d-----w- c:\users\me\AppData\Roaming\DarkWave Studio
2012-03-17 03:51 . 2012-03-17 21:44 -------- d-----w- c:\program files (x86)\ExperimentalScene
2012-03-14 23:02 . 2012-03-14 23:02 -------- d-----w- c:\program files\Camel Audio
2012-03-14 23:02 . 2012-03-14 23:02 -------- d-----w- c:\program files\VSTPlugins
2012-03-14 23:02 . 2012-03-14 23:02 -------- d-----w- c:\programdata\Camel Audio
2012-03-14 21:08 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 21:08 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 21:08 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 17:13 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:13 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:13 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 16:50 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 16:50 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 16:50 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 16:50 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 16:50 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 16:50 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 16:50 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 16:50 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 03:10 . 2012-03-14 03:10 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2012-03-13 23:41 . 2012-03-13 23:46 -------- d-----w- c:\program files (x86)\HWiNFO32
2012-03-12 23:46 . 2012-03-12 23:46 -------- dc-h--w- c:\programdata\{54FDDA32-BC12-48BF-81E3-818E1F6D319C}
2012-03-12 23:46 . 2012-03-12 23:46 -------- d-----w- c:\program files\Lexicon
2012-03-12 23:45 . 2012-03-12 23:45 -------- d-----w- c:\users\me\AppData\Local\PackageAware
2012-03-12 01:40 . 2012-03-12 01:40 -------- d-----w- c:\program files\Steinberg
2012-03-12 01:35 . 2012-03-12 01:35 -------- d-----w- c:\program files (x86)\Common Files\VST3
2012-03-10 06:37 . 2012-03-10 06:37 -------- d-----w- c:\programdata\hssff
2012-03-10 03:33 . 2012-03-10 03:33 -------- d-----w- c:\users\me\AppData\Roaming\Cycling '74
2012-03-10 03:30 . 2012-03-10 03:30 -------- d-----w- c:\users\me\AppData\Roaming\PACE Anti-Piracy
2012-03-10 03:30 . 2012-03-10 03:30 -------- d-----w- c:\users\me\AppData\Local\PACE Anti-Piracy
2012-03-10 03:30 . 2012-03-10 03:30 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-03-10 03:08 . 2012-03-10 03:08 -------- d-----w- c:\program files (x86)\Cycling '74
2012-03-10 03:06 . 2012-03-10 03:06 -------- d-----w- c:\program files (x86)\InterLok
2012-03-09 04:47 . 2009-08-25 04:13 34304 ----a-w- c:\windows\system32\DfSdkBt.exe
2012-03-09 04:42 . 2012-03-09 04:42 -------- d-----w- c:\users\me\AppData\Roaming\OtakuSoftware
2012-03-08 03:49 . 2009-10-29 18:34 579504 ----a-w- c:\windows\SysWow64\Codejock.SkinFramework.Unicode.v13.2.1.ocx
2012-03-08 03:49 . 2009-10-29 18:34 2381744 ----a-w- c:\windows\SysWow64\Codejock.CommandBars.Unicode.v13.2.1.ocx
2012-03-08 03:49 . 2002-01-05 18:40 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
2012-03-08 03:49 . 2002-01-05 18:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2012-03-08 01:13 . 2012-03-08 01:13 -------- d-----w- c:\users\me\AppData\Roaming\Ashampoo
2012-03-08 01:12 . 2012-03-08 01:13 -------- d-----w- c:\users\me\AppData\Local\ashampoo
2012-03-08 01:12 . 2012-03-08 01:12 -------- d-----w- c:\programdata\ashampoo
2012-03-08 01:11 . 2012-03-09 04:47 -------- d-----w- c:\program files (x86)\Ashampoo
2012-03-07 02:52 . 2012-03-08 00:14 -------- d-----w- c:\users\me\AppData\Roaming\Media Player Classic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 15:18 . 2011-02-18 01:47 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 09:27 . 2011-06-16 16:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-11 04:43 . 2012-01-11 04:43 167704 ----a-w- c:\windows\system32\igfxtray.exe
2012-01-11 04:43 . 2012-01-11 04:43 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-01-11 04:43 . 2012-01-11 04:43 417560 ----a-w- c:\windows\system32\igfxpers.exe
2012-01-11 04:43 . 2012-01-11 04:43 239896 ----a-w- c:\windows\system32\igfxext.exe
2012-01-11 04:43 . 2012-01-11 04:43 4379416 ----a-w- c:\windows\system32\GfxUI.exe
2012-01-11 04:43 . 2012-01-11 04:43 392984 ----a-w- c:\windows\system32\hkcmd.exe
2012-01-11 04:43 . 2012-01-11 04:43 184600 ----a-w- c:\windows\system32\difx64.exe
2012-01-11 04:37 . 2012-01-11 04:37 90112 ----a-w- c:\windows\system32\igfxCoIn_v2622.dll
2012-01-11 04:28 . 2012-01-11 04:28 8313856 ----a-w- c:\windows\system32\igdumd64.dll
2012-01-11 04:28 . 2012-01-11 04:28 12311904 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-01-11 04:27 . 2012-01-11 04:27 867020 ----a-w- c:\windows\system32\igkrng575.bin
2012-01-11 04:27 . 2012-01-11 04:27 128204 ----a-w- c:\windows\system32\igcompkrng575.bin
2012-01-11 04:27 . 2012-01-11 04:27 105608 ----a-w- c:\windows\system32\igfcg575m.bin
2012-01-11 04:18 . 2011-08-31 18:47 6323712 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-01-11 04:12 . 2011-08-31 18:45 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-01-11 04:06 . 2012-01-11 04:06 9528832 ----a-w- c:\windows\system32\igd10umd64.dll
2012-01-11 03:55 . 2012-01-11 03:55 7988224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-01-11 03:42 . 2012-01-11 03:42 18653696 ----a-w- c:\windows\system32\ig4icd64.dll
2012-01-11 03:29 . 2012-01-11 03:29 13904384 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-01-11 03:20 . 2012-01-11 03:20 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-01-11 03:20 . 2012-01-11 03:20 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-01-11 03:20 . 2012-01-11 03:20 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-01-11 03:20 . 2012-01-11 03:20 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-01-11 03:20 . 2012-01-11 03:20 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-01-11 03:20 . 2012-01-11 03:20 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-01-11 03:20 . 2012-01-11 03:20 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-01-11 03:20 . 2012-01-11 03:20 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-01-11 03:20 . 2012-01-11 03:20 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2012-01-11 03:20 . 2012-01-11 03:20 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-01-11 03:20 . 2012-01-11 03:20 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-01-11 03:20 . 2012-01-11 03:20 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-01-11 03:20 . 2012-01-11 03:20 375808 ----a-w- c:\windows\system32\igfxpph.dll
2012-01-11 03:19 . 2012-01-11 03:19 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2012-01-11 03:19 . 2012-01-11 03:19 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-01-11 03:19 . 2010-08-26 02:04 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-01-11 03:19 . 2010-08-26 02:04 110080 ----a-w- c:\windows\system32\hccutils.dll
2012-01-11 03:19 . 2012-01-11 03:19 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-01-11 03:19 . 2012-01-11 03:19 390656 ----a-w- c:\windows\system32\igfxdev.dll
2012-01-11 03:19 . 2012-01-11 03:19 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-01-11 03:18 . 2012-01-11 03:18 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-01-11 03:18 . 2012-01-11 03:18 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-01-11 03:18 . 2010-08-26 02:03 9014784 ----a-w- c:\windows\system32\igfxress.dll
2012-01-11 03:15 . 2012-01-11 03:15 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-01-11 03:14 . 2012-01-11 03:14 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-01-11 03:12 . 2012-01-11 03:12 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-01-11 03:12 . 2012-01-11 03:12 98304 ----a-w- c:\windows\system32\iglhcp64.dll
2012-01-11 03:12 . 2012-01-11 03:12 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-01-11 03:12 . 2012-01-11 03:12 376832 ----a-w- c:\windows\system32\iglhsip64.dll
2012-01-11 03:12 . 2012-01-11 03:12 2177536 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-01-11 03:12 . 2012-01-11 03:12 171520 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-01-11 03:12 . 2012-01-11 03:12 1663488 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-01-11 03:12 . 2012-01-11 03:12 148480 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-01-04 23:01 . 2012-01-04 23:01 56832 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-01-04 23:01 . 2012-01-04 23:01 37888 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-01-04 10:44 . 2012-02-16 20:40 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 20:40 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-30_19.48.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-18 02:31 . 2012-03-30 21:12 30244 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-31 21:33 31404 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-18 01:30 . 2012-03-31 21:33 11172 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2692136488-3694835900-3377112843-1001_UserData.bin
- 2009-07-14 05:30 . 2012-03-30 19:50 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-03-31 20:55 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-08-04 15:20 . 2011-08-04 15:20 38288 c:\windows\system32\DriverStore\FileRepository\epfwlwf.inf_amd64_neutral_97e5bc8a9df262cc\EpfwLWF.sys
+ 2011-08-04 15:20 . 2011-08-04 15:20 62496 c:\windows\system32\drivers\epfwwfp.sys
+ 2011-08-04 15:20 . 2011-08-04 15:20 38288 c:\windows\system32\drivers\EpfwLWF.sys
- 2011-12-13 22:43 . 2012-03-29 23:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-13 22:43 . 2012-03-30 19:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-31 20:54 . 2012-03-31 20:54 10134 c:\windows\Installer\{4E871FDC-9F08-4B4F-86AE-6BAA1A282E2C}\callmsi.exe
- 2012-03-30 19:47 . 2012-03-30 19:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-31 21:31 . 2012-03-31 21:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-30 19:47 . 2012-03-30 19:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-31 21:31 . 2012-03-31 21:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-03-30 19:47 458752 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-31 21:31 458752 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-18 23:52 . 2012-03-31 18:14 325818 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-03-29 23:18 626024 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-31 21:13 626024 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-29 23:18 107358 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-31 21:13 107358 c:\windows\system32\perfc009.dat
+ 2012-03-31 21:07 . 2012-03-31 21:07 264584 c:\windows\system32\javaws.exe
+ 2012-03-31 21:07 . 2012-03-31 21:07 188808 c:\windows\system32\javaw.exe
+ 2012-03-31 21:07 . 2012-03-31 21:07 188808 c:\windows\system32\java.exe
+ 2009-07-14 05:30 . 2012-03-31 20:55 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-03-30 19:50 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-03-30 19:50 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-03-31 20:55 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-08-04 15:20 . 2011-08-04 15:20 187632 c:\windows\system32\drivers\epfw.sys
+ 2011-08-04 15:20 . 2011-08-04 15:20 146432 c:\windows\system32\drivers\ehdrv.sys
+ 2011-08-09 20:24 . 2011-08-09 20:24 202576 c:\windows\system32\drivers\eamonm.sys
+ 2011-02-18 02:13 . 2012-03-30 19:47 573440 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-18 02:13 . 2012-03-29 23:13 573440 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-03-26 22:46 265980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-31 21:29 265980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-09 09:30 . 2012-03-31 21:08 935676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2692136488-3694835900-3377112843-1001-8192.dat
- 2011-10-09 09:30 . 2012-03-26 02:44 935676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2692136488-3694835900-3377112843-1001-8192.dat
+ 2012-03-31 21:07 . 2012-03-31 21:07 973824 c:\windows\Installer\5157f2a.msi
+ 2012-03-31 20:54 . 2012-03-31 20:54 105624 c:\windows\Installer\{4E871FDC-9F08-4B4F-86AE-6BAA1A282E2C}\egui.exe
+ 2009-07-14 04:54 . 2012-03-31 21:31 4964352 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-30 19:47 4964352 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-31 21:31 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-30 19:47 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-29 23:13 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-30 19:47 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-18 15:53 . 2011-10-18 15:53 63255040 c:\windows\Installer\5157cab.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 233288 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a060276a-53be-45ec-8ebe-b94b1e803179}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Expat_Shield\prxtbExpa.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{a060276a-53be-45ec-8ebe-b94b1e803179}"= "c:\program files (x86)\Expat_Shield\prxtbExpa.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a060276a-53be-45ec-8ebe-b94b1e803179}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"FileFort"="c:\program files (x86)\NCH Software\FileFort\filefort.exe" [2011-11-15 1010180]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05 136176]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2012-01-17 77520]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05 136176]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-29 2152152]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2012-02-07 30592]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe [2009-08-25 544768]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [2012-01-17 331608]
S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-01-04 363336]
S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe [2012-01-04 329544]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-23 2320920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05 06:42]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05 06:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"combofix"="c:\combofix\CF10890.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NWSIPX32
clisvc
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{E7A833EC-CD6F-4EAC-8833-F03013942FF6}: NameServer = 10.204.8.1
FF - ProfilePath - c:\users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\
FF - prefs.js: browser.search.selectedEngine - Google Encrypted: No Personalization
FF - prefs.js: browser.startup.homepage - hxxp://anonymous-proxy-servers.net
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 4001
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 4001
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 4001
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 4001
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Expat Shield Helper (Please allow this installation): afurladvisor@anchorfree.com - c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: HTTPS-Everywhere: https-everywhere@eff.org - %profile%\extensions\https-everywhere@eff.org
FF - Ext: UnPlug: unplug@compunach - %profile%\extensions\unplug@compunach
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ProfileSwitcher: {fa8476cf-a98c-4e08-99b4-65a69cb4b7d4} - %profile%\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
FF - Ext: Premiumplay Codec-C: crossriderapp435@crossrider.com - c:\programdata\CodecCheck\firefox
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
WebBrowser-{A060276A-53BE-45EC-8EBE-B94B1E803179} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\program files (x86)\Expat Shield\bin\openvpntray.exe
.
**************************************************************************
.
Completion time: 2012-03-31 15:37:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-31 21:37
ComboFix2.txt 2012-03-30 19:55
ComboFix3.txt 2011-11-18 21:29
.
Pre-Run: 197,407,797,248 bytes free
Post-Run: 197,087,121,408 bytes free
.
- - End Of File - - D343EF9EE5C6C579CD24CBC405092975

Scan Log
Version of virus signature database: 6484 (20110922)
Date: 3/31/2012 Time: 5:09:03 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Boot\BCD - error opening [4]
C:\Boot\BCD.LOG - error opening [4]
C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Open Freely\Redist\K-Lite_Codec_Pack_700_Standard.exe » INNO » - unsupported option
C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\Translation\Index.txt » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/client/res/flightsim/controller/genius_maxfighter_f16u.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/plugin/res/flightsim/controller/genius_maxfighter_f16u.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/client/res/flightsim/controller/logitech_attack3.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/plugin/res/flightsim/controller/logitech_attack3.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/client/res/flightsim/controller/logitech_extreme_3d.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/plugin/res/flightsim/controller/logitech_extreme_3d.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/client/res/flightsim/controller/logitech_force_3d.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/plugin/res/flightsim/controller/logitech_force_3d.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/client/res/flightsim/controller/logitech_freedom.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/plugin/res/flightsim/controller/logitech_freedom.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/client/res/flightsim/controller/saitek_cyborg_evo.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/plugin/res/flightsim/controller/saitek_cyborg_evo.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/client/res/flightsim/controller/saitek_x52.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/plugin/res/flightsim/controller/saitek_x52.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/client/res/flightsim/controller/speed_link_black_hawk.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/plugin/res/flightsim/controller/speed_link_black_hawk.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/client/res/flightsim/controller/speed_link_black_widow.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/plugin/res/flightsim/controller/speed_link_black_widow.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/client/res/flightsim/controller/speed_link_cougar_flightstick.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/plugin/res/flightsim/controller/speed_link_cougar_flightstick.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/client/res/flightsim/controller/speed_link_dark_tornado.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/plugin/res/flightsim/controller/speed_link_dark_tornado.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/client/res/flightsim/controller/xbox_360.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe » 7ZIP » program files/Google/Google Earth/plugin/res/flightsim/controller/xbox_360.ini » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\MaskMyIP\ffextension.xpi » ZIP » chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\MaskMyIP\res\trialnotify.mht » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Motorola Phone Tools\olregist.mht » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Opera\styles\m2_upgrade_1160.mbs » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Opera\styles\m2_welcome_message.mbs » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlipso-qlipso-silent-us.exe » NSIS » chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlipso-qlipso-silent-us.exe » NSIS » ToolbarUpdaterService.exe - a variant of Win32/Toolbar.Zugo potentially unwanted application
C:\ProgramData\CodecCheck\firefox\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\ProgramData\eLicenser\Logs\eLCC_Actions.log » MIME - is OK (internal scanning not performed)
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe » INNO » files.info - internal error (10010)
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\ProgramData\Real\setup\config.ini - error opening [4]
C:\ProgramData\Spybot - Search & Destroy\Recovery\Missinghelpfile.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\Missinghelpfile.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\Missinghelpfile1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\Missinghelpfile1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud2.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud3.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud3.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\Wrongapppath.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\Wrongapppath.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\Wrongapppath1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\Wrongapppath1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\Wrongapppath2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\Wrongapppath2.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\Wrongapppath3.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\Wrongapppath3.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\Wrongapppath4.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\Wrongapppath4.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\System Volume Information\Syscache.hve - error opening [4]
C:\System Volume Information\Syscache.hve.LOG1 - error opening [4]
C:\System Volume Information\Syscache.hve.LOG2 - error opening [4]
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{b427e5a4-79f4-11e1-90cf-00262d70f1ee}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{b8173ebf-7aac-11e1-8e01-00262d70f1ee}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{b8173f0e-7aac-11e1-8e01-00262d70f1ee}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{b8173f27-7aac-11e1-8e01-00262d70f1ee}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{b8173f2b-7aac-11e1-8e01-00262d70f1ee}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\Users\All Users\CodecCheck\firefox\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\All Users\eLicenser\Logs\eLCC_Actions.log » MIME - is OK (internal scanning not performed)
C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe » INNO » files.info - internal error (10010)
C:\Users\All Users\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\All Users\Real\setup\config.ini - error opening [4]
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Missinghelpfile.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Missinghelpfile.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Missinghelpfile1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Missinghelpfile1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WiIQfraud.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WiIQfraud.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WiIQfraud1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WiIQfraud1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WiIQfraud2.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WiIQfraud2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WiIQfraud3.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WiIQfraud3.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Wrongapppath.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Wrongapppath.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Wrongapppath1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Wrongapppath1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Wrongapppath2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Wrongapppath2.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Wrongapppath3.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Wrongapppath3.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Wrongapppath4.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\Wrongapppath4.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Users\me\ntuser.dat - error opening [4]
C:\Users\me\ntuser.dat.LOG1 - error opening [4]
C:\Users\me\ntuser.dat.LOG2 - error opening [4]
C:\Users\me\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Users\me\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening [4]
C:\Users\me\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr07U1D.tmp - JS/Kryptik.AD trojan - cleaned by deleting - quarantined [1]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr07YPD.tmp » GZIP » opr07YPD.tmp - archive damaged
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr07YX3.tmp » GZIP » opr07YX3.tmp - archive damaged
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr083UV.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr083WU.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr083Y5.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr083YQ.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0842D.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr08444.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0845A.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr08B79.tmp » GZIP » opr08B79.tmp - error reading archive
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr08B7E.tmp » GZIP » opr08B7E.tmp - error reading archive
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr08BZS.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr08C0L.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr08JG7.tmp » GZIP » opr08JG7.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr08LC3.tmp » GZIP » opr08LC3.tmp - archive damaged
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr08LDJ.tmp » GZIP » opr08LDJ.tmp - archive damaged
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr08LFJ.tmp » GZIP » opr08LFJ.tmp - archive damaged
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr08N9Q.tmp » GZIP » opr08N9Q.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr09DK8.tmp » GZIP » opr09DK8.tmp - archive damaged
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr09TXK.tmp » GZIP » opr09TXK.tmp - archive damaged
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr09TY5.tmp » GZIP » opr09TY5.tmp - archive damaged
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0A5MM.tmp » GZIP » opr0A5MM.tmp - archive damaged
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0A5NM.tmp » GZIP » opr0A5NM.tmp - archive damaged
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CQPI.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CS5D.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CS5V.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CS5W.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CS5X.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CS5Y.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CS5Z.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CS60.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CS61.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CS62.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CS63.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CS64.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CS65.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CS66.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CS67.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CSCQ.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CSD8.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CSD9.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CSDA.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CSDE.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CSDI.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CSDJ.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CSDK.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CSDL.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CSDM.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0CSDO.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0E46H.tmp » GZIP » opr0E46H.tmp - archive damaged
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0E49T.tmp » GZIP » opr0E49T.tmp - archive damaged
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0EN1R.tmp » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0EX2U.tmp » GZIP » opr0EX2U.tmp - archive damaged
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0FRFI.tmp » GZIP » opr0FRFI.tmp - error reading archive
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0FTH6.tmp » GZIP » opr0FTH6.tmp - error reading archive
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0FTIH.tmp » GZIP » opr0FTIH.tmp - error reading archive
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0FTL9.tmp » GZIP » opr0FTL9.tmp - error reading archive
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0FTMP.tmp » GZIP » opr0FTMP.tmp - error reading archive
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0FTOS.tmp » GZIP » opr0FTOS.tmp - error reading archive
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGNM.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGNN.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGNR.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGNS.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGNU.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGNV.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGNX.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGNY.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGO0.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGO1.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGO2.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGO9.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGOB.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGOC.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGOE.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGOF.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGOT.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGOV.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGOW.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGOX.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGOZ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGP0.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGP1.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGP2.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGP4.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGP5.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGP6.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGPD.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGPE.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGPF.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGPH.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGPJ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGPK.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGPL.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGPM.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGPN.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGPO.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGPQ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGPT.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGPU.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGPY.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGQ5.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGQC.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGQE.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGQL.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGQM.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGQN.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGQO.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGQQ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGQS.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGR4.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGR6.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGR8.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGR9.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGRA.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGRB.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGRD.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGRF.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGRH.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGRI.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGRJ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGRM.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGRN.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGRO.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGRP.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGRQ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGRR.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGRU.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGRX.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGRY.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGS4.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGS7.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGSA.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGSC.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGSD.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGSE.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGSF.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGSJ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGSQ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGSS.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGST.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGSU.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGSV.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGSW.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGSX.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGSY.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGT0.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGT7.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGT9.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGTA.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGTB.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGTC.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGTD.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGTI.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGTO.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGTR.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGTT.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGTU.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGTW.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGTY.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGTZ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGU0.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGU1.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGU2.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGU6.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGU7.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGU9.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGUB.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGUC.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGUD.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGUO.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGUP.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGUS.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGUT.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGUY.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGUZ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGV0.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGV1.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGV4.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGV7.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGV8.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGVC.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGVD.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGVJ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGVN.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGVP.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGVR.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGVS.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGVU.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGVV.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGVW.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGVX.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGVY.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGVZ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGW3.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGW6.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGW7.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGWI.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGWL.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGWN.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGWO.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGWP.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGWR.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGWS.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGWU.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGWX.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGWY.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGWZ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGX2.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGX3.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGX4.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGX5.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGX6.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXB.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXC.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXE.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXF.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXG.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXH.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXI.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXL.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXM.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXN.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXO.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXP.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXR.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXU.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXV.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXY.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGXZ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGY0.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGY1.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGY2.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGY4.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGY5.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGY8.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGY9.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGYA.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGYB.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGYE.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGYL.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGYN.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGYO.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGYP.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGYQ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGYR.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGYS.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGYV.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGZ1.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGZ3.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGZ4.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGZ8.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGZB.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGZC.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGZG.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGZH.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGZK.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGZS.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGZT.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGZU.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GGZW.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH00.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH04.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH06.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH07.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH08.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH0A.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH0D.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH0E.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH0G.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH0I.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH0K.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH0L.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH0P.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH0Q.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH0R.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH0T.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH10.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH14.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH15.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1B.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1E.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1G.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1J.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1K.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1L.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1M.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1O.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1P.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1Q.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1R.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1S.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1T.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1U.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1V.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1W.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1X.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH1Z.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH20.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH21.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH22.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH23.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH24.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH26.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH28.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH29.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH2A.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH2B.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH2C.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH2D.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH2E.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH2F.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH46.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH6V.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH70.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH73.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH76.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GH9K.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHDX.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHDY.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHE0.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHE1.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHE2.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHE5.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHE6.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHE9.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHED.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHEF.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHEG.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHEI.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHEK.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHEL.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHEP.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHER.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHES.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHEU.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHEW.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHEX.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHEY.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHEZ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHF1.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHF2.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHF3.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHF4.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHF5.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHF6.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHF8.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHFK.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHFP.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHFQ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHFS.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHFX.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHFZ.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHG1.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHG2.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\cache\sesn\opr0GHG3.tmp - error opening [4]
C:\Users\me\AppData\Local\Opera\Opera\mail\store\account2\2011\05\28\5.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\account2\2011\12\10\23.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\10.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\11.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\12.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\13.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\14.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\15.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\16.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\17.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\18.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\19.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\20.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\21.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\22.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\24.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\25.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\26.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\27.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\28.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\6.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\7.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\8.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\mail\store\drafts\9.mbs » MBOX - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Opera\Opera\temporary_downloads\vsoConvertXtoDVD4_setup.exe » INNO » files.info - internal error (10010)
C:\Users\me\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Downloads\0017FFC054D3422CED6A87C410D241B358000000000011FF7B.exe » 7ZIP » Chipset_Intel(GM45)_v9.1.1.1014_Win7x86x64/Lang/CHIP/PTB/license.txt » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Downloads\0017FFC054D3422CED6A87C410D241B358000000000011FF7B.exe » 7ZIP » Chipset_Intel(GM45)_v9.1.1.1014_Win7x86x64/Lang/CHIP/PTG/license.txt » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Downloads\0017FFC054D3422CED6A87C410D241B358000000000011FF7B.exe » 7ZIP » Chipset_Intel(GM45)_v9.1.1.1014_Win7x86x64/Lang/CHIP/ESP/license.txt » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Downloads\0017FFC054D3422CED6A87C410D241B358000000000011FF7B.exe » 7ZIP » Chipset_Intel(GM45)_v9.1.1.1014_Win7x86x64/Lang/CHIP/ITA/license.txt » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Downloads\0036507BD83CFF3C50AE633A44213B5C5B00000000001211F4.exe » 7ZIP » Lang/CHIP/PTB/license.txt » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Downloads\0036507BD83CFF3C50AE633A44213B5C5B00000000001211F4.exe » 7ZIP » Lang/CHIP/PTG/license.txt » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Downloads\0036507BD83CFF3C50AE633A44213B5C5B00000000001211F4.exe » 7ZIP » Lang/CHIP/ESP/license.txt » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Downloads\0036507BD83CFF3C50AE633A44213B5C5B00000000001211F4.exe » 7ZIP » Lang/CHIP/ITA/license.txt » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Downloads\00A1679D6CB63A98920277FADBB9ED70AE0000000000124427.exe » 7ZIP » Chipset_Intel_9.2.0.1015_W7x86x64/Lang/CHIP/PTB/license.txt » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Downloads\00A1679D6CB63A98920277FADBB9ED70AE0000000000124427.exe » 7ZIP » Chipset_Intel_9.2.0.1015_W7x86x64/Lang/CHIP/PTG/license.txt » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Downloads\00A1679D6CB63A98920277FADBB9ED70AE0000000000124427.exe » 7ZIP » Chipset_Intel_9.2.0.1015_W7x86x64/Lang/CHIP/ESP/license.txt » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Downloads\00A1679D6CB63A98920277FADBB9ED70AE0000000000124427.exe » 7ZIP » Chipset_Intel_9.2.0.1015_W7x86x64/Lang/CHIP/ITA/license.txt » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Local\Temp\fla92F9.tmp - error opening [4]
C:\Users\me\AppData\Local\Temp\flaEFA2.tmp - error opening [4]
C:\Users\me\AppData\LocalLow\Sun\Java\jre1.7.0_03_x64\Data1.cab » CAB » core.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\https-everywhere@eff.org\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\unplug@compunach\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\nuw83slz.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\me\Desktop\corel\CorelDRAW.Graphics.Suite.X6.v16.0.0.707.x64.Incl.Keymaker-CORE\cr-sdq01.zip » ZIP » CorelDRAWGraphicsSuiteX6Installer_EN64Bit.part01.rar » RAR » CorelDRAWGraphicsSuiteX6Installer_EN64Bit.exe - next archive volume not found
C:\Users\me\Desktop\corel\CorelDRAW.Graphics.Suite.X6.v16.0.0.707.x64.Incl.Keymaker-CORE\cr-sdq01.zip » ZIP » keygen.exe » PECompact v2.xx - a variant of Win32/Keygen.AU potentially unwanted application
C:\Users\me\Desktop\power\Linezer0.part1.rar » RAR » PowerISO5.exe » NSIS » AVG0Toolbar0v.9.23.exe - archive damaged - the file could not be extracted.
C:\Users\me\Desktop\power\Power.Software.PowerISO.v5.0.MULTILINGUAL.Incl.Keygen-Lz0\lzrcave1.zip » ZIP » Linezer0.part1.rar » RAR » PowerISO5.exe » NSIS » AVG0Toolbar0v.9.23.exe - archive damaged - the file could not be extracted.
C:\Users\me\Desktop\programs\FL.Studio.v10.0.2-SHOCK.part1.rar » RAR » FL.Studio.v10.0.2-SHOCK\shkfls01.zip » ZIP » shkfls01.rar » RAR » flstudio_10.0.2_online.exe » NSIS » SG.dll - archive damaged - the file could not be extracted.
C:\Users\me\Desktop\programs\FL.Studio.v10.0.2-SHOCK.part1.rar » RAR » FL.Studio.v10.0.2-SHOCK\shkfls42.zip » ZIP » shkfls42.rar - archive damaged
C:\Users\me\Documents\Abrosoft_FantaMorph_Deluxe_5.3.1.rar » RAR » CORE\cr-fm521.exe » PECompact v2.xx - a variant of Win32/Keygen.AC potentially unwanted application
C:\Users\me\Documents\AcDiMeAcPrv50046.rar » RAR » Acon.Digital.Media.Acoustica.Premium.v5.0.0.46.Incl.Keygen-BEAN\ap_eng.rar » RAR » AcousticaPremium500us.exe » INNO » - archive damaged
C:\Users\me\Documents\AF.FX.DCAM.Synth.Squad.VSTi.RTAS.v1.0.1.2.rar » RAR » a-d1012a.zip » ZIP » a-d1012.rar » RAR » DCAM_Synth_Squad_Installer_v1-0-1-2.exe » 7ZIP » - error reading archive
C:\Users\me\Documents\Arturia Spark ViDrMav10.rar » RAR » Arturia.Spark.Vintage.Drume.Machine.v1.0.x86.x64-ASSiGN\asgn1693.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\Bitsonic.Waspy.2.v2.4-ASSiGN.rar » RAR » Bitsonic.Waspy.2.v2.4-ASSiGN\asgn1574.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\bx_ALL.2012.Bundle.v1.0.R3.x86.x64-ASSiGN.rar » RAR » brainworx.bx_ALL.2012.Bundle.v1.0.R3.x86.x64-ASSiGN\asgn1747.rar » RAR » setup.exe » NSIS » bx_dynEQ0V20Mono.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\Camel.Audio.Alchemy.v1.10.6.incl.Bonuspack.VSTi.AU.MAC.OSX.UB-DYNAMiCS.rar » RAR » Camel.Audio.Alchemy.v1.10.6.incl.Bonuspack.VSTi.AU.MAC.OSX.UB-DYNAMiCS\d-ca11ma.zip » ZIP » d-cal11m.rar » RAR » Alchemy v1.10.6.dmg - next archive volume not found
C:\Users\me\Documents\Camel.Audio.Alchemy.VSTi.RTAS.v1.25.x86.x64-ASSiGN.part1.rar » RAR » - next archive volume not found
C:\Users\me\Documents\Caramel Fudge Brownie Cup Recipe.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Caramel Swirl Fudge Nut Brownies.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Chocolate Caramel Muffins - Nestlé Carnation.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Chocolate Fudge Cupcakes with a Caramel & Chocolate Ganache _ Mybestdaysever.com.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Chocolate Fudge Muffins.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\clay diy.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\clay Mould making for ceramics.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cnnbnds list.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Cooking With Amanitas_ How To Do It Right.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\CorelDRAW.Graphics.Suite.X6.v16.0.0.707.x64.Incl.Keymaker-CORE.rar » RAR » CorelDRAW.Graphics.Suite.X6.v16.0.0.707.x64.Incl.Keymaker-CORE\cr-sdq01.zip » ZIP » CorelDRAWGraphicsSuiteX6Installer_EN64Bit.part01.rar » RAR » CorelDRAWGraphicsSuiteX6Installer_EN64Bit.exe - next archive volume not found
C:\Users\me\Documents\CorelDRAW.Graphics.Suite.X6.v16.0.0.707.x64.Incl.Keymaker-CORE.rar » RAR » CorelDRAW.Graphics.Suite.X6.v16.0.0.707.x64.Incl.Keymaker-CORE\cr-sdq01.zip » ZIP » keygen.exe » PECompact v2.xx - a variant of Win32/Keygen.AU potentially unwanted application
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » AttractorConstructor.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » AttractorFlame.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » AttractorTrafo.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » Attractors.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » Attractors.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » ChaosPro.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » ChaosPro.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » ChaosPro.ctr » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » Hypercomplex.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » Math.lib » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » Quaternions.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » Quaternions.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » Standard.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » Standard.ctr » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » FractInt.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » FractInt.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » akl-m-dmj.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » akl-m-math.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » akl.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » akl.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » akl.ctr » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » akln.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » asz.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » asz.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » asz.ctr » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » dan.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » dan.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » dmj.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » dmj.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » dmj.ctr » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » dmj3.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » dmj3.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » dmj3.ctr » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » gfp.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » jam.ctr » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » kcc3.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » lkm-special.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » lkm-special.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » lkm-special.ctr » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » lkm.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » lkm.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » lkm.ctr » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » lkm3.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » lkm3.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mac.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mac.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » macp.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mde-eng.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mde.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mde.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mde3-courbes.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mde3.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mde3.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mde3.ctr » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mmf.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mmf.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mmf.ctr » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mmf3.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mmf3.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mmf3.ctr » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mmf4.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mmf4.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mmfs.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mt.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mt.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » mt.ctr » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » pwc-convert.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » pwc.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » sam.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » sam.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » sam.ctr » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » sp.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » tvc.ccl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » tvc.cfm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cpro40 chaos pro fractal.exe » NSIS » tvc.ctr » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\cyberghost_vpn_setup.rar » RAR » cyberghost_vpn_setup\CGWebInstall.exe - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\me\Documents\cyberghost_vpn_setup.rar » RAR » cyberghost_vpn_setup\10 - Michael Jackson - Heal the World.mp3 - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\me\Documents\Cycling.74.Pluggo.VST.RTAS.v3.54-AiR.rar » RAR » Cycling74.Pluggo.VST.RTAS.v3.54-AiR\a-cp354a.zip » ZIP » a-cp354.rar » RAR » Setup.exe » WISE » filtered drums.dll - archive damaged
C:\Users\me\Documents\ESET.NOD32.Smart.Security.5.0.94.4.Final.x64 by freewass .tunisia-sat.rar » RAR » ESET.NOD32.Smart.Security.5.0.94.4.Final.x64 by freewass .tunisia-sat\ess_nt64_enu.msi - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\me\Documents\ESET.NOD32.Smart.Security.5.0.94.4.Final.x64 by freewass .tunisia-sat.rar » RAR » ESET.NOD32.Smart.Security.5.0.94.4.Final.x64 by freewass .tunisia-sat\key 2016.txt - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\me\Documents\ESET.NOD32.Smart.Security.5.0.94.4.Final.x86 by freewass .tunisia-sat pass. www.tunisia-sat.com.rar » RAR » ESET.NOD32.Smart.Security.5.0.94.4.Final.x86 by freewass .tunisia-sat\ess_nt32_enu.msi - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\me\Documents\ESET.NOD32.Smart.Security.5.0.94.4.Final.x86 by freewass .tunisia-sat pass. www.tunisia-sat.com.rar » RAR » ESET.NOD32.Smart.Security.5.0.94.4.Final.x86 by freewass .tunisia-sat\key 2016.txt - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\me\Documents\Fruit Jellies.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\FXpansion.DCAM.Synth.Squad.v1.0.4.2-ASSiGN.rar » RAR » FXpansion.DCAM.Synth.Squad.v1.0.4.2-ASSiGN\asgn1719.rar » RAR » FXPDCAM1042.bin - next archive volume not found
C:\Users\me\Documents\FXpansion.Etch.1.0.0.9.x86.x64-ASSiGN.rar » RAR » FXpansion.Etch.v1.0.0.9.x86.x64-ASSiGN\asgn1740.rar » RAR » FXPETCH1009.bin - next archive volume not found
C:\Users\me\Documents\FXpansion.Geist.v1.0.5.5.x86.x64-ASSiGN.rar » RAR » FXpansion.Geist.v1.0.5.5.x86.x64-ASSiGN\asgn1720.rar » RAR » FXPGEIST1055.bin - next archive volume not found
C:\Users\me\Documents\FXpansion.Tremor.v1.0.0.WIN.OSX-ASSiGN.rar » RAR » FXpansion.Tremor.v1.0.0.WIN.OSX-ASSiGN\asgn1717.rar » RAR » FXPTREMOR.bin - next archive volume not found
C:\Users\me\Documents\gb3-setup.exe » INNO » files.info - internal error (10010)
C:\Users\me\Documents\Goon__2011__DVDRip_XviD_BBnRG.avi.part1.rar » RAR » - next archive volume not found
C:\Users\me\Documents\gummy recipe How to make VEGAN Gummy Worms!.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Gummy Worms Candy Recipe - How to Make Homemade Gummy Worms Candy.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\H.G.Fortune.Anvilia.Pro.v1.2.VSTi-AMPLiFY.rar » RAR » a-hgfana.zip » ZIP » a-hgfanp.rar » RAR » setup.exe - next archive volume not found
C:\Users\me\Documents\Homemade Caramel, My Failproof Recipe _ giverslog.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Homemade Clay Recipes and other activities - FamilyEducation.com.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\HSS-2.25-install-p79-338-conduit.exe » NSIS » chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\hw32_393.exe » INNO » files.info - internal error (10010)
C:\Users\me\Documents\HyperSynth.Oresus.v1.2-ASSiGN.rar » RAR » HyperSynth.Oresus.v1.2-ASSiGN\asgn1637.rar » RAR » setup.exe » NSIS » dat_skin.skf - archive damaged - the file could not be extracted.
C:\Users\me\Documents\Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN_rlwarez.softarchive.net.rar » RAR » Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN\Image-Line.DirectWave.STANDALONE.VSTi.v1.4.20-ASSiGN\asgn1375.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN_rlwarez.softarchive.net.rar » RAR » Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN\Image-Line.Drumaxx.STANDALONE.VSTi.v1.2.2-ASSiGN\asgn1376.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN_rlwarez.softarchive.net.rar » RAR » Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN\Image-Line.Edison.STANDALONE.VST.v2.2.4-ASSiGN\asgn1377.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN_rlwarez.softarchive.net.rar » RAR » Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN\Image-Line.Hardcore.STANDALONE.VST.v1.1.3-ASSiGN\asgn1378.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN_rlwarez.softarchive.net.rar » RAR » Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN\Image-Line.Harmless.STANDALONE.VSTi.v1.0.9-ASSiGN\asgn1379.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN_rlwarez.softarchive.net.rar » RAR » Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN\Image-Line.Harmor.STANDALONE.VSTi.v1.0.2-ASSiGN\asgn1380.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN_rlwarez.softarchive.net.rar » RAR » Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN\Image-Line.Morphine.STANDALONE.VSTi.v1.5.6-ASSiGN\asgn1381.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN_rlwarez.softarchive.net.rar » RAR » Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN\Image-Line.PoiZone.STANDALONE.VSTi.v2.3.6-ASSiGN\asgn1382.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN_rlwarez.softarchive.net.rar » RAR » Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN\Image-Line.Sakura.STANDALONE.VSTi.v1.0.6-ASSiGN\asgn1383.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN_rlwarez.softarchive.net.rar » RAR » Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN\Image-Line.Sawer.STANDALONE.VSTi.v1.1.5-ASSiGN\asgn1384.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN_rlwarez.softarchive.net.rar » RAR » Image-Line.Standalone.VST.VSTi.Pack.17.10.2011-ASSiGN\Image-Line.Toxic.Biohazard.STANDALONE.VSTi.v1.1.5-ASSiGN\asgn1385.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\installing Camel Audio Alchemy VSTi RTAS 1.25 x86_x64 INCL FULL Library _ proaudiozone.info.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\kool movies.rar » RAR » KoolMoves.v8.2.1.retail-FOSI\fo-k821a.zip » ZIP » fo-k821.rar » RAR » fo-k821.zip » ZIP » fo-k821.exe » INNO » - archive damaged
C:\Users\me\Documents\KORG.Legacy.Collection.Special.Bundle.STANDALONE.VST.RTAS.v09.2011-ASSiGN.rar » RAR » KORG.Legacy.Collection.Special.Bundle.STANDALONE.VST.RTAS.v09.2011-ASSiGN\asgn1482.rar » RAR » setup.exe » NSIS » dat_bgm.ogg - archive damaged - the file could not be extracted.
C:\Users\me\Documents\Leapic.Video.Joiner.v3.0.Incl.Keygen-Lz0.rar » RAR » Linezer0.part1.rar » RAR » videojoiner.exe » INNO » - archive damaged
C:\Users\me\Documents\M.I.g.p-NeDiVx.part1.rar » RAR » nedivx-migp-cd1.avi - next archive volume not found
C:\Users\me\Documents\MAGIX Samplitude Pro X help.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\MAGIX.Samplitude.Pro.X.Suite.v12.0.2.104.Update.x86.x64-ASSiGN.rar » RAR » MAGIX.Samplitude.Pro.X.Suite.v12.0.2.104.Update.x86.x64-ASSiGN\asgn1716.rar » RAR » crack_samplitude_prox_suite_12.0.2.104.exe » NSIS » Sam_x64.exe - archive damaged - the file could not be extracted.
C:\Users\me\Documents\MAGIX.Samplitude.Pro.X.Suite.v12.0.x86.x64-ASSiGNn.rar » RAR » MAGIX.Samplitude.Pro.X.Suite.v12.0.x86.x64-ASSiGN\asgn1361.rar » RAR » MGXSPTDPROXS120.bin - next archive volume not found
C:\Users\me\Documents\Modeling Clay Recipes - Make Modeling Clay - Homemade Clay Recipe.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Native.Instruments.Kontakt.v5.0.1.VSTi.RTAS-DYNAMiCSs.rar » RAR » d-nik501.zip » ZIP » Native.Instruments.Kontakt.v5.01.VST.RTAS-DYNAMiCS.part01.rar » RAR » Kontakt 5 Setup PC.exe » 7ZIP » - error reading archive
C:\Users\me\Documents\No-Fry Doughnuts — Duncan Hines®.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\phnlms index.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\plnts.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Plogue.Bidule.v0.9721.x86.x64-ASSiGN.rar » RAR » Plogue.Bidule.v0.9721.x86.x64-ASSiGN\asgn1710.rar » RAR » setup x64.exe » NSIS » splash.bmp - archive damaged - the file could not be extracted.
C:\Users\me\Documents\QuikQuak.Everything.Bundle.VST.VSTi.v12.2011.R2.x86.x64-ASSiGN.rar » RAR » QuikQuak.Everything.Bundle.VST.VSTi.v12.2011.R2.x86.x64-ASSiGN\asgn1483.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\recipe shish kabob Authentic Turkish Chicken Shish Kebab Marinade.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\recipe shish Nikibone.com - Kabob Recipes.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\ReFX.Nexus.2.AiR.part1.rar » RAR » - next archive volume not found
C:\Users\me\Documents\rice milk recipe.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Rob.Papen.Predator.VSTi.RTAS.v1.5.8.x86.x64.Incl.Keygen-AiR.rar » RAR » Rob.Papen.Predator.VSTi.RTAS.v1.5.8.x86.x64.Incl.Keygen-AiR\a-rp1528.zip » ZIP » a-rpp15.r26 - archive damaged
C:\Users\me\Documents\Rob.Papen.Predator.VSTi.RTAS.v1.5.8.x86.x64.Incl.Keygen-AiRr.rar » RAR » Rob.Papen.Predator.VSTi.RTAS.v1.5.8.x86.x64.Incl.Keygen-AiR\a-rp1501.zip » ZIP » a-rpp15.rar » RAR » rob_papen_predator_v1.x_keygen.exe - next archive volume not found
C:\Users\me\Documents\SIDEFX.HOUDINI.MASTER.V10.0.295.WIN64-XFORCE.part1.rar » RAR » SIDEFX.HOUDINI.MASTER.V10.0.295.WIN64-XFORCE\houdini-10.0.295-win64.exe » NSIS » style_guides_fur.png - archive damaged - the file could not be extracted.
C:\Users\me\Documents\SIDEFX_HOUDINI_MASTER_V12.0.543.9_MACOSX_X86_64-XFORCE.rar » RAR » SIDEFX_HOUDINI_MASTER_V12.0.543.9_MACOSX_X86_64-XFORCE\xfh12i01.zip » ZIP » h12osx.rar » RAR » houdini-12.0.543.9-macosx_x86_64_gcc4.2_10.7.dmg - incorrect CRC checksum, the file may be damaged
C:\Users\me\Documents\SIDEFX_HOUDINI_MASTER_V12.0.543.9_MACOSX_X86_64-XFORCE.rar » RAR » SIDEFX_HOUDINI_MASTER_V12.0.543.9_MACOSX_X86_64-XFORCE\xfh12i01.zip » ZIP » h12osx.rar » RAR » - next archive volume not found
C:\Users\me\Documents\Sonic.Academy.ANA.v1.02.x86.x64-ASSiGN.rar » RAR » Sonic.Academy.ANA.v1.02.x86.x64-ASSiGN\asgn1745.rar » RAR » setup.exe - next archive volume not found
C:\Users\me\Documents\Spartacus.Vengeance.2x08.HDTV.x264.part1.rar » RAR » Spartacus.Vengeance.2x08.HDTV.x264.mp4 - next archive volume not found
C:\Users\me\Documents\spywareblastersetup46.exe » INNO » files.info - internal error (10010)
C:\Users\me\Documents\Straightarrow.Quiver.v1.1-ASSiGN.rar » RAR » Straightarrow.Quiver.v1.1-ASSiGN\asgn1712.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\Triple Chocolate Chunk Dessert Bread — Duncan Hines®.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\trpyms index.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\tweaknow PowerPack405.exe » INNO » files.info - internal error (10010)
C:\Users\me\Documents\Ultra.Fractal.5.02-colombianwarez.com.rar » RAR » Ultra Fractal 5.02.exe » THINAPP » My Fractals.upr » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra.Fractal.5.02-colombianwarez.com.rar » RAR » Ultra Fractal 5.02.exe » THINAPP » Standard.ucl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra.Fractal.5.02-colombianwarez.com.rar » RAR » Ultra Fractal 5.02.exe » THINAPP » Standard.ulb » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra.Fractal.5.02-colombianwarez.com.rar » RAR » Ultra Fractal 5.02.exe » THINAPP » Standard.uxf » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra.Fractal.5.02-colombianwarez.com.rar » RAR » Ultra Fractal 5.02.exe » THINAPP » Standard.ufm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra.Fractal.5.02-colombianwarez.com.rar » RAR » Ultra Fractal 5.02.exe » THINAPP » Ratings.txt » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra.Fractal.5.02-colombianwarez.com.rar » RAR » Ultra Fractal 5.02.exe » THINAPP » common.ulb » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra.Fractal.5.02-colombianwarez.com.rar » RAR » Ultra Fractal 5.02.exe » THINAPP » Fractint.uxf » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra.Fractal.5.02-colombianwarez.com.rar » RAR » Ultra Fractal 5.02.exe » THINAPP » Uf2.uxf » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra.Fractal.5.02-colombianwarez.com.rar » RAR » Ultra Fractal 5.02.exe » THINAPP » Uf2.ucl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra.Fractal.5.02-colombianwarez.com.rar » RAR » Ultra Fractal 5.02.exe » THINAPP » Fractint.ufm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra.Fractal.5.02-colombianwarez.com.rar » RAR » Ultra Fractal 5.02.exe » THINAPP » Fractint.ucl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\VAZ.Synths.VAZ.2010.v2.1.2-ASSiGN.rar » RAR » VAZ.Synths.VAZ.2010.v2.1.2-ASSiGN\asgn1644.rar » RAR » Vaz2010v2.1.2.exe » NSIS » VAZ2010.chm - archive damaged - the file could not be extracted.
C:\Users\me\Documents\VAZ.Synths.VAZ.3.3.2012.rar » RAR » VAZ.Synths.VAZ.3.3.2012\VAZ.Synths.VAZ.2010.v2.1.2-ASSiGN\asgn1644.rar » RAR » Vaz2010v2.1.2.exe » NSIS » VAZ2010.chm - archive damaged - the file could not be extracted.
C:\Users\me\Documents\VAZ.Synths.VAZ.3.3.2012.rar » RAR » VAZ.Synths.VAZ.3.3.2012\VAZ.Synths.VAZ.Modular.v3.2.2-ASSiGN\asgn1645.rar » RAR » VazMod3.2.2.exe » NSIS » VazMod.chm - archive damaged - the file could not be extracted.
C:\Users\me\Documents\VAZ.Synths.VAZ.3.3.2012.rar » RAR » VAZ.Synths.VAZ.3.3.2012\VAZ.Synths.VAZ.Plus.v2.1.5-ASSiGN\asgn1646.rar » RAR » VazPlus2.1.5.exe » NSIS » VAZPlus.chm - archive damaged - the file could not be extracted.
C:\Users\me\Documents\VPN Package.rar » RAR » VPN Package\FortiClientSetup_3.0.474.exe - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\me\Documents\VPN Package.rar » RAR » VPN Package\jpenny.vpl - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\me\Documents\VPN Package.rar » RAR » VPN Package\Serial.txt - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\me\Documents\waffle recipe Liège Belgian Waffle_ Black Friday Breakfast _ Beyond the Bread.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\WinAVI.All.In.One.Converter.v1.6.3.4360-TCi.zip » ZIP » WinAVI.All.In.One.Converter.v1.6.3.4360-TCi/tci0aioa.zip » ZIP » TCi.part1.rar » RAR » Setup\Setup.exe » NSIS » QtWebKit4.dll - archive damaged - the file could not be extracted.
C:\Users\me\Documents\wthdrwl help.mht » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Xt.Software.Energyxt.Standalone.VST.VSTi.v2.5.2-peace-out.rar » RAR » poengyxt.rar » RAR » setup.exe » NSIS » bgm.mp3 - archive damaged - the file could not be extracted.
C:\Users\me\Documents\ZCOUR.part1.rar » RAR » The.Courier.2011.BRRip.XviD-KAZAN.avi - next archive volume not found
C:\Users\me\Documents\Ultra Fractal 5\Formulas\Standard.ucl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra Fractal 5\Formulas\Standard.ufm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra Fractal 5\Formulas\Standard.ulb » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra Fractal 5\Formulas\Standard.uxf » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra Fractal 5\Formulas\Compatibility\Fractint.ucl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra Fractal 5\Formulas\Compatibility\Fractint.ufm » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra Fractal 5\Formulas\Compatibility\Fractint.uxf » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra Fractal 5\Formulas\Compatibility\Uf2.ucl » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra Fractal 5\Formulas\Compatibility\Uf2.uxf » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra Fractal 5\Formulas\Public\common.ulb » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra Fractal 5\Formulas\Public\Ratings.txt » MIME - is OK (internal scanning not performed)
C:\Users\me\Documents\Ultra Fractal 5\Parameters\My Fractals.upr » MIME - is OK (internal scanning not performed)
C:\Users\Public\Documents\what the bleep\Ashampoo.Burning.Studio.11.v11.0.4-TE.rar » RAR » Ashampoo.Burning.Studio.11.v11.0.4-TE\tabs1b4a.zip » ZIP » tabs1b4.rar » RAR » ashampoo_burning_studio_11_e11.0.4_sm.exe » INNO » - archive damaged
C:\Users\Public\Documents\what the bleep\Ashampoo.WinOptimizer.9.v9.2.0-TE.zip » ZIP » Ashampoo.WinOptimizer.9.v9.2.0-TE/ashampoo_winoptimizer_9_e9.2.0_sm.exe » INNO » file0104.bin » MIME - is OK (internal scanning not performed)
C:\Users\Public\Documents\what the bleep\Aurora.3D.Animation.Maker.v12.02.08.Incl.Keygen.and.Patch-Lz0.rar » RAR » Aurora.3D.Animation.Maker.v12.02.08.Incl.Keygen.and.Patch-Lz0\lzbodda1.zip » ZIP » Linezer0.part1.rar » RAR » Animation3D.exe » INNO » - archive damaged
C:\Users\Public\Documents\what the bleep\Avenue.v4.0.rar » RAR » Resolume.Avenue.v4.0-UNION\crack\Avenue.exe - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\Public\Documents\what the bleep\Avenue.v4.0.rar » RAR » Resolume.Avenue.v4.0-UNION\file_id.diz - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\Public\Documents\what the bleep\Avenue.v4.0.rar » RAR » Resolume.Avenue.v4.0-UNION\Resolume_Avenue_4_0_0_Installer.exe - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\Public\Documents\what the bleep\Avenue.v4.0.rar » RAR » Resolume.Avenue.v4.0-UNION\union.nfo - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\Public\Documents\what the bleep\BitDefender.Internet.Security.2012.Build.15.0.37.1560.x32.rar » RAR » bitdefender_is_2012_64b.exe » RAR » bdis.cab » CAB » chrome_tb.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Public\Documents\what the bleep\Bitsonic.Godlike.v1.1-ASSiGN.rar » RAR » Bitsonic.Godlike.v1.1-ASSiGN\asgn1573.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\Public\Documents\what the bleep\Dmitry.Sches.Diversion.v1.11-UNION 2.rar » RAR » Dmitry.Sches.Diversion.v1.11-UNION\u-d11101.zip » ZIP » u-dsd111.rar » RAR » DiversionSetupWin.exe » INNO » - archive damaged
C:\Users\Public\Documents\what the bleep\Dmitry.Sches.Diversion.v1.11-UNION.rar » RAR » Dmitry.Sches.Diversion.v1.11-UNION\u-d11101.zip » ZIP » u-dsd111.rar » RAR » DiversionSetupWin.exe » INNO » - archive damaged
C:\Users\Public\Documents\what the bleep\hamburg-audio.NUKLEAR.v1.1.1.x86.x64-ASSiGN.rar » RAR » hamburg-audio.NUKLEAR.v1.1.1.x86.x64-ASSiGN\asgn1603.rar » RAR » NUKLEAR_Handbuch.pdf - next archive volume not found
C:\Users\Public\Documents\what the bleep\Harrison.Mixbus.v2.0.6-ASSiGN.rar » RAR » Harrison.Mixbus.v2.0.6-ASSiGN\asgn1605.rar » RAR » Mixbus_2.0.6_setup.exe - next archive volume not found
C:\Users\Public\Documents\what the bleep\HitFilm.Ultimate.v1.1.2412.x64-ENGiNE.rar » RAR » HitFilm.Ultimate.v1.1.2412.x64-ENGiNE\e-o7g501.zip » ZIP » ENG.part01.rar » RAR » HitFilmUltimate_x64_1.1.2412.41681.msi » MSI - archive damaged - the file could not be extracted.
C:\Users\Public\Documents\what the bleep\iZotope.Music.And.Speach.Cleaner.v1.00-ASSiGN.rar » RAR » iZotope.Music.And.Speach.Cleaner.v1.00-ASSiGN\asgn0914.rar » RAR » setup.exe » NSIS » dat_skin.skf - archive damaged - the file could not be extracted.
C:\Users\Public\Documents\what the bleep\iZotope.Ozone.5.Advanced.v5.02.x86.x64-ASSiGN.zip » ZIP » iZotope.Ozone.5.Advanced.v5.02.x86.x64-ASSiGN/asgn1561.rar » RAR » setup.exe » NSIS » NSIS_SkinCrafter_Plugin.dll - archive damaged - the file could not be extracted.
C:\Users\Public\Documents\what the bleep\List of Synthetic Cannabinoids.mht » MIME - is OK (internal scanning not performed)
C:\Users\Public\Documents\what the bleep\list.mht » MIME - is OK (internal scanning not performed)
C:\Users\Public\Documents\what the bleep\Nero.part1.rar » RAR » Nero\Nero Platinum 11 v11.2.rar » RAR » Nero Platinum 11 v11.2\Nero.exe - archive damaged
C:\Users\Public\Documents\what the bleep\Power.Software.PowerISO.v5.0.MULTILINGUAL.Incl.Keygen-Lz0.ZIP » ZIP » Power.Software.PowerISO.v5.0.MULTILINGUAL.Incl.Keygen-Lz0/lzrcave1.zip » ZIP » Linezer0.part1.rar » RAR » PowerISO5.exe » NSIS » AVG0Toolbar0v.9.23.exe - archive damaged - the file could not be extracted.
C:\Users\Public\Documents\what the bleep\Presonus.Studio.One.Professional.v2.0.4.WIN.OSX.Incl.Keygen-AiR.rar » RAR » a-sp204a.zip » ZIP » a-sp204.rar » RAR » Keygen.exe - a variant of Win32/Packed.VMProtect.AAH trojan
C:\Users\Public\Documents\what the bleep\Presonus.Studio.One.Professional.v2.0.4.WIN.OSX.Incl.Keygen-AiR.rar » RAR » a-sp204a.zip » ZIP » a-sp204.rar » RAR » OSX\PreSonus Studio One 2.dmg - next archive volume not found
C:\Users\Public\Documents\what the bleep\Robert A. Nelson_ Hemp Husbandry ~ Botany & Breeding (Ch 4).mht » MIME - is OK (internal scanning not performed)
C:\Users\Public\Documents\what the bleep\Robert A. Nelson_ Hemp Husbandry ~ Cannabinoid Chemistry (Ch 6).mht » MIME - is OK (internal scanning not performed)
C:\Users\Public\Documents\what the bleep\Robert A. Nelson_ hemp Husbandry ~ Hemp Resources.mht » MIME - is OK (internal scanning not performed)
C:\Users\Public\Documents\what the bleep\Robert A. Nelson_ Hemp Husbandry ~ Index.mht » MIME - is OK (internal scanning not performed)
C:\Users\Public\Documents\what the bleep\Robert A.Nelson_ Hemp Husbandry ~ Electro-Culture (Ch 5).mht » MIME - is OK (internal scanning not performed)
C:\Users\Public\Documents\what the bleep\Synthetic cannabinoids.mht » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\12ac83a.msi » MSI » Binary.adawareTbBundle.exe » NSIS » chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Windows\ServiceProfiles\LocalService\ntuser.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\3a07cff6f7e21ed1f4c0b3545fc485c4f50b8af1.HomeGroupClassifier\fecd19d129a62c4a924c85d1737db448\grouping\db.mdb - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\3a07cff6f7e21ed1f4c0b3545fc485c4f50b8af1.HomeGroupClassifier\fecd19d129a62c4a924c85d1737db448\grouping\edb.log - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\3a07cff6f7e21ed1f4c0b3545fc485c4f50b8af1.HomeGroupClassifier\fecd19d129a62c4a924c85d1737db448\grouping\tmp.edb - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - error opening [4]
C:\Windows\System32\log.txt - error opening [4]
C:\Windows\System32\catroot2\edb.log - error opening [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UXY0ALFR.txt » MIME - is OK (internal scanning not performed)
C:\Windows\SysWOW64\log.txt - error opening [4]
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UXY0ALFR.txt » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlipso-qlipso-silent-us.exe » NSIS » chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlipso-qlipso-silent-us.exe » NSIS » ToolbarUpdaterService.exe - a variant of Win32/Toolbar.Zugo potentially unwanted application
Number of scanned objects: 477641
Number of threats found: 6
Number of cleaned objects: 1
Time of completion: 7:14:00 PM Total scanning time: 7497 sec (02:04:57)

#10 Blade81

Posted 01 April 2012 - 02:40 AM

Hi,

There're some illegal downloads there. Delete all software you don't have legit ownership to.


Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@ECHO OFF
REGEDIT /E "%USERPROFILE%\Desktop\regExp.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"
DEL %0

Double-click the fixes.bat file to execute it. A regExp.txt file should appear on your desktop. Attach it to your post.

How's the system running now? Does security center show antivirus & firewall protection enabled?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#11 elves1111


Posted 01 April 2012 - 06:14 PM

seems to be running ok. been sick so will let you know when get a chance to check it out more. firewall is on.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"RPCSS"=hex(7):52,00,70,00,63,00,45,00,70,00,74,00,4d,00,61,00,70,00,70,00,65,\
00,72,00,00,00,52,00,70,00,63,00,53,00,73,00,00,00,00,00
"defragsvc"=hex(7):64,00,65,00,66,00,72,00,61,00,67,00,73,00,76,00,63,00,00,00,\
00,00
"LocalSystemNetworkRestricted"=hex(7):55,00,78,00,53,00,6d,00,73,00,00,00,57,\
00,64,00,69,00,53,00,79,00,73,00,74,00,65,00,6d,00,48,00,6f,00,73,00,74,00,\
00,00,4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,74,00,72,00,6b,00,77,00,6b,\
00,73,00,00,00,41,00,75,00,64,00,69,00,6f,00,45,00,6e,00,64,00,70,00,6f,00,\
69,00,6e,00,74,00,42,00,75,00,69,00,6c,00,64,00,65,00,72,00,00,00,57,00,55,\
00,44,00,46,00,53,00,76,00,63,00,00,00,49,00,50,00,42,00,75,00,73,00,45,00,\
6e,00,75,00,6d,00,00,00,68,00,69,00,64,00,73,00,65,00,72,00,76,00,00,00,64,\
00,6f,00,74,00,33,00,73,00,76,00,63,00,00,00,69,00,72,00,6d,00,6f,00,6e,00,\
00,00,73,00,79,00,73,00,6d,00,61,00,69,00,6e,00,00,00,50,00,63,00,61,00,53,\
00,76,00,63,00,00,00,68,00,6f,00,6d,00,65,00,67,00,72,00,6f,00,75,00,70,00,\
6c,00,69,00,73,00,74,00,65,00,6e,00,65,00,72,00,00,00,57,00,50,00,44,00,42,\
00,75,00,73,00,45,00,6e,00,75,00,6d,00,00,00,77,00,6c,00,61,00,6e,00,73,00,\
76,00,63,00,00,00,54,00,61,00,62,00,6c,00,65,00,74,00,49,00,6e,00,70,00,75,\
00,74,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,43,00,73,00,63,00,\
53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,55,00,6d,00,52,00,64,00,70,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,00,00
"LocalService"=hex(7):6e,00,73,00,69,00,00,00,57,00,64,00,69,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,48,00,6f,00,73,00,74,00,00,00,77,00,33,00,32,00,\
74,00,69,00,6d,00,65,00,00,00,45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,\
00,74,00,65,00,6d,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,\
67,00,69,00,73,00,74,00,72,00,79,00,00,00,57,00,69,00,6e,00,48,00,74,00,74,\
00,70,00,41,00,75,00,74,00,6f,00,50,00,72,00,6f,00,78,00,79,00,53,00,76,00,\
63,00,00,00,73,00,70,00,70,00,75,00,69,00,6e,00,6f,00,74,00,69,00,66,00,79,\
00,00,00,54,00,48,00,52,00,45,00,41,00,44,00,4f,00,52,00,44,00,45,00,52,00,\
00,00,6e,00,65,00,74,00,70,00,72,00,6f,00,66,00,6d,00,00,00,6c,00,6c,00,74,\
00,64,00,73,00,76,00,63,00,00,00,66,00,64,00,70,00,68,00,6f,00,73,00,74,00,\
00,00,53,00,73,00,74,00,70,00,53,00,76,00,63,00,00,00,57,00,65,00,62,00,43,\
00,6c,00,69,00,65,00,6e,00,74,00,00,00,00,00
"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,\
00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,\
00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,\
00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,\
54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,\
00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,\
6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,\
00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,\
69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,\
00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,\
73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,\
00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,\
61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,\
73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,\
00,6d,00,53,00,70,00,00,00,4e,00,57,00,53,00,49,00,50,00,58,00,33,00,32,00,\
00,00,63,00,6c,00,69,00,73,00,76,00,63,00,00,00,54,00,65,00,72,00,6d,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,\
65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,\
00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,\
00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,\
00,43,00,41,00,75,00,64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,\
76,00,63,00,00,00,75,00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,\
00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63,00,\
6c,00,6f,00,67,00,6f,00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,\
00,00,00,6d,00,73,00,69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,\
53,00,53,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,53,00,65,\
00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,76,00,00,00,62,00,72,00,6f,00,\
77,00,73,00,65,00,72,00,00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,\
00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,68,00,6b,00,6d,00,\
73,00,76,00,63,00,00,00,77,00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,\
00,70,00,6f,00,72,00,74,00,00,00,50,00,72,00,6f,00,66,00,53,00,76,00,63,00,\
00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,\
00,43,00,00,00,41,00,70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00
"WerSvcGroup"=hex(7):77,00,65,00,72,00,73,00,76,00,63,00,00,00,00,00
"LocalServiceNoNetwork"=hex(7):44,00,50,00,53,00,00,00,50,00,4c,00,41,00,00,00,\
42,00,46,00,45,00,00,00,6d,00,70,00,73,00,73,00,76,00,63,00,00,00,57,00,77,\
00,61,00,6e,00,53,00,76,00,63,00,00,00,00,00
"termsvcs"=hex(7):54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,00,00,00,00
"swprv"=hex(7):73,00,77,00,70,00,72,00,76,00,00,00,00,00
"LocalServiceNetworkRestricted"=hex(7):44,00,48,00,43,00,50,00,00,00,65,00,76,\
00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,41,00,75,00,64,00,69,00,6f,00,\
53,00,72,00,76,00,00,00,42,00,74,00,68,00,48,00,46,00,53,00,72,00,76,00,00,\
00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,77,00,73,00,63,00,73,00,\
76,00,63,00,00,00,68,00,6f,00,6d,00,65,00,67,00,72,00,6f,00,75,00,70,00,70,\
00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,57,00,50,00,43,00,53,00,\
76,00,63,00,00,00,00,00
"LocalServicePeerNet"=hex(7):50,00,4e,00,52,00,50,00,53,00,76,00,63,00,00,00,\
70,00,32,00,70,00,69,00,6d,00,73,00,76,00,63,00,00,00,70,00,32,00,70,00,73,\
00,76,00,63,00,00,00,50,00,6e,00,72,00,70,00,41,00,75,00,74,00,6f,00,52,00,\
65,00,67,00,00,00,00,00
"NetworkServiceAndNoImpersonation"=hex(7):4b,00,74,00,6d,00,52,00,6d,00,00,00,\
00,00
"regsvc"=hex(7):52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,00,69,00,73,\
00,74,00,72,00,79,00,00,00,00,00
"LocalServiceAndNoImpersonation"=hex(7):53,00,53,00,44,00,50,00,53,00,52,00,56,\
00,00,00,75,00,70,00,6e,00,70,00,68,00,6f,00,73,00,74,00,00,00,53,00,43,00,\
61,00,72,00,64,00,53,00,76,00,72,00,00,00,54,00,42,00,53,00,00,00,66,00,64,\
00,72,00,65,00,73,00,70,00,75,00,62,00,00,00,46,00,6f,00,6e,00,74,00,43,00,\
61,00,63,00,68,00,65,00,00,00,41,00,70,00,70,00,49,00,44,00,53,00,76,00,63,\
00,00,00,51,00,57,00,41,00,56,00,45,00,00,00,77,00,63,00,6e,00,63,00,73,00,\
76,00,63,00,00,00,53,00,65,00,6e,00,73,00,72,00,53,00,76,00,63,00,00,00,4d,\
00,63,00,78,00,32,00,53,00,76,00,63,00,00,00,00,00
"DcomLaunch"=hex(7):50,00,6f,00,77,00,65,00,72,00,00,00,50,00,6c,00,75,00,67,\
00,50,00,6c,00,61,00,79,00,00,00,44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,\
6e,00,63,00,68,00,00,00,00,00
"NetworkServiceNetworkRestricted"=hex(7):50,00,6f,00,6c,00,69,00,63,00,79,00,\
41,00,67,00,65,00,6e,00,74,00,00,00,00,00
"NetworkService"=hex(7):43,00,72,00,79,00,70,00,74,00,53,00,76,00,63,00,00,00,\
44,00,48,00,43,00,50,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,00,00,44,00,4e,00,53,00,43,00,61,00,63,00,68,00,65,00,\
00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,77,00,6f,00,72,00,6b,00,73,00,74,\
00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,61,00,70,00,41,00,67,00,65,00,\
6e,00,74,00,00,00,6e,00,6c,00,61,00,73,00,76,00,63,00,00,00,57,00,69,00,6e,\
00,52,00,4d,00,00,00,57,00,45,00,43,00,53,00,56,00,43,00,00,00,54,00,61,00,\
70,00,69,00,73,00,72,00,76,00,00,00,00,00
"sdrsvc"=hex(7):73,00,64,00,72,00,73,00,76,00,63,00,00,00,00,00
"WbioSvcGroup"=hex(7):57,00,62,00,69,00,6f,00,53,00,72,00,76,00,63,00,00,00,00,\
00
"imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00
"wcssvc"=hex(7):57,00,63,00,73,00,50,00,6c,00,75,00,67,00,49,00,6e,00,53,00,65,\
00,72,00,76,00,69,00,63,00,65,00,00,00,00,00
"AxInstSVGroup"=hex(7):41,00,78,00,49,00,6e,00,73,00,74,00,53,00,56,00,00,00,\
00,00
"secsvcs"=hex(7):57,00,69,00,6e,00,44,00,65,00,66,00,65,00,6e,00,64,00,00,00,\
00,00
"bthsvcs"=hex(7):62,00,74,00,68,00,73,00,65,00,72,00,76,00,00,00,00,00
"PeerDist"=hex(7):50,00,65,00,65,00,72,00,44,00,69,00,73,00,74,00,53,00,76,00,\
63,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\AxInstSVGroup]
"ImpersonationLevel"=dword:00000003
"CoInitializeSecurityParam"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\defragsvc]
"CoInitializeSecurityParam"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService]
"AuthenticationCapabilities"=dword:00002000
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation]
"AuthenticationCapabilities"=dword:00002000
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNetworkRestricted]
"DefaultRpcStackSize"=dword:00000040
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNoNetwork]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkService]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:0000001c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopHyperVAgent]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00002000
"AuthenticationLevel"=dword:00000006

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopPublishing]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00002000
"AuthenticationLevel"=dword:00000006

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\SDRSVC]
"CoInitializeSecurityParam"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\swprv]
"CoInitializeSecurityParam"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wcssvc]
"CoInitializeSecurityParam"=dword:00000001
"CoInitializeSecurityAppID"="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wercplsupport]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001
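
The export requested in post #10 stores each svchost group as a REG_MULTI_SZ value, which regedit writes as hex(7): comma-separated UTF-16LE bytes with a NUL after every service name. The Python below is an added example, not part of the original thread or any tool used in it: it decodes such an export into readable service lists and diffs them against a baseline taken from a known-clean machine. The sample data, group names and function names are constructed for illustration.

```python
import re

# Constructed sample in regedit "Version 5.00" export syntax; the group and
# service names are made up and are not the values posted in this thread.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"demoGroupA"=hex(7):41,00,6c,00,70,00,68,00,61,00,00,00,42,00,65,00,74,00,61,\
  00,00,00,00,00
"demoGroupB"=hex(7):47,00,61,00,6d,00,6d,00,61,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\demoGroupA]
"CoInitializeSecurityParam"=dword:00000001
'''

SVCHOST_KEY = r"\currentversion\svchost"
VALUE_RE = re.compile(r'^"([^"]+)"=hex\(7\):([0-9a-fA-F,]*)$')


def parse_svchost_groups(reg_text):
    """Return {group_name: [service, ...]} for hex(7) values under ...\\Svchost."""
    # Regedit wraps long values with a trailing backslash; rejoin them first.
    joined = re.sub(r"\\\r?\n[ \t]*", "", reg_text)
    groups, in_svchost = {}, False
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Only the Svchost key itself holds the group lists, not its subkeys.
            in_svchost = line[1:-1].lower().endswith(SVCHOST_KEY)
            continue
        match = VALUE_RE.match(line)
        if not (in_svchost and match):
            continue
        name, hex_bytes = match.groups()
        raw = bytes(int(b, 16) for b in hex_bytes.split(",") if b)
        if len(raw) % 2:
            raise ValueError(f"{name}: odd byte count, export is truncated or edited")
        # REG_MULTI_SZ: NUL-separated UTF-16LE strings ending in an extra NUL.
        groups[name] = [s for s in raw.decode("utf-16-le").split("\x00") if s]
    return groups


def diff_groups(baseline, observed):
    """Report services present in only one of the two exports, per group."""
    report = {}
    for group in sorted(set(baseline) | set(observed)):
        base = baseline.get(group, [])
        seen = observed.get(group, [])
        # Service names are case-insensitive on Windows, so compare folded.
        base_cf = {s.casefold() for s in base}
        seen_cf = {s.casefold() for s in seen}
        added = [s for s in seen if s.casefold() not in base_cf]
        removed = [s for s in base if s.casefold() not in seen_cf]
        if added or removed:
            report[group] = {"added": added, "removed": removed}
    return report


if __name__ == "__main__":
    for group, services in parse_svchost_groups(SAMPLE).items():
        print(f"{group}: {', '.join(services)}")
```

To run it on a real export, read the file with `open(path, encoding="utf-16")`, since regedit writes Version 5.00 exports as UTF-16 with a byte-order mark.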

#12 Blade81


Posted 02 April 2012 - 02:25 AM

Hi,

Please download attached .zip file to your desktop and extract its contents. Double-click regfix.reg file and allow merging. Reboot and run ComboFix again. Post back its log.

Note: the attachment is to be used on this specific case only.

Edited by Blade81, 14 April 2012 - 04:26 AM.
Removed registry fix to avoid abuse of it



#13 Blade81


Posted 14 April 2012 - 04:26 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
