
CPU Usage Spiking after installing stream software for viewing the Olympics


39 replies to this topic

#1 atcmonke


Posted 12 February 2014 - 03:32 PM

I've uninstalled the software(s) that the site asked me to install and scanned the computer using Malwarebytes, SuperAntiSpyware, and ESET NOD32 Antivirus, and the remnants of the software(s) installed were found and removed. But I am still getting spiked CPU usage - computer acting sluggish/unresponsive at times, and I checked to make sure it wasn't any of the things I have opened by restarting everything and not opening anything other than the task manager for observation. Let me know if there are any further details I need to provide.




 


#2 m0le

  • Malware Response Team

Posted 13 February 2014 - 08:10 PM

Hi atcmonke,

Please provide the initial logs as required for this forum and we'll see what we can do.
m0le is a proud member of UNITE

#3 atcmonke


Posted 14 February 2014 - 10:59 AM

Oops, should have read the guidelines. Nonetheless, here you go m0le. Thanks again for helping. Since it's Friday and it's a work computer, if a reply is required in a certain time period, just want to let you know I won't be at this computer during the weekends.

Attached Files



#4 atcmonke


Posted 17 February 2014 - 12:15 PM

I noticed there's a lot of hard drive activity as well. I hope it's not a botnet of some sort.



#5 m0le

  • Malware Response Team

Posted 17 February 2014 - 12:28 PM

Let's try something a bit less malicious first.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

#6 atcmonke


Posted 17 February 2014 - 03:37 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.17.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16798
Cquence :: CQUENCE2-PC [administrator]

2/17/2014 9:54:27 AM
mbam-log-2014-02-17 (09-54-27).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 432616
Time elapsed: 2 hour(s), 41 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#7 atcmonke


Posted 19 February 2014 - 12:47 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.19.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16798
Cquence :: CQUENCE2-PC [administrator]

2/19/2014 9:27:55 AM
mbam-log-2014-02-19 (09-27-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224619
Time elapsed: 7 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GigaClicks Crawler (PUP.Optional.GigaClicks.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Cquence\AppData\Local\GCC\uninstall.exe (PUP.Optional.GigaClicks.A) -> Quarantined and deleted successfully.

(end)
 



#8 atcmonke


Posted 19 February 2014 - 12:51 PM

ESET keeps finding this malware/virus:

ClickHeretoDownload-3fBjoM2.exe

Reason is: Win32/Somoto.A potentially unwanted application

I'll paste the log for the last ESET scan.


Scan Log
Version of virus signature database: 9440 (20140218)
Date: 2/18/2014  Time: 4:41:07 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
C:\Documents and Settings\Cquence\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\5a9ad95c-70e72e06 » ZIP » OtzmB.class - a variant of Java/Exploit.Agent.NNC trojan
C:\Documents and Settings\Cquence\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\5a9ad95c-70e72e06 » ZIP » TISOHtpSl.class - a variant of Java/Exploit.Agent.NSW trojan
C:\Documents and Settings\Cquence\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\5a9ad95c-70e72e06 » ZIP » VPgeWb.class - a variant of Java/Exploit.Agent.NVF trojan
C:\Documents and Settings\Cquence\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\5a9ad95c-70e72e06 » ZIP » EPlRBWMoc.class - a variant of Java/Exploit.Agent.NVF trojan
C:\Documents and Settings\Cquence\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\5a9ad95c-70e72e06 » ZIP » fWeRp.class - a variant of Java/Exploit.Agent.NND trojan
C:\Documents and Settings\Cquence\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\5a9ad95c-70e72e06 » ZIP » jHwWbPM.class - a variant of Java/Exploit.Agent.NVF trojan
C:\Documents and Settings\Cquence\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4b06fab9-793fb329 » ZIP » wDFEs.class - a variant of Java/Exploit.Agent.NNM trojan
C:\Documents and Settings\Cquence\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4b06fab9-793fb329 » ZIP » xpbbdn.class - a variant of Java/Exploit.Agent.NNM trojan
C:\Documents and Settings\Cquence\Downloads\ClickHeretoDownload-3fBjoM2.exe » NSIS » biclient.exe - Win32/Somoto.A potentially unwanted application
C:\Documents and Settings\Cquence\Downloads\CouponPrinter.exe » INDIGOROSE - unsupported option
C:\Documents and Settings\Cquence\Downloads\ESET NOD32 Antivirus v7.0.302 (64-bit ONLY)\TNOD User & Password Finder 1.4.2.3 (32 & 64Bits)\TNod-1.4.2.3-Final-Portable.rar » RAR » TNod-1.4.2.3-Final-Portable\TNODUP-Portable.exe » ZProtect - a variant of Win32/RiskWare.HackAV.JA application
C:\Documents and Settings\Cquence\Downloads\ESET NOD32 Antivirus v7.0.302 (64-bit ONLY)\TNOD User & Password Finder 1.4.2.3 (32 & 64Bits)\TNod-1.4.2.3-final-setup.rar » RAR » TNod-1.4.2.3-final-setup.exe » NSIS » TNODUP.exe » ZProtect - a variant of Win32/RiskWare.HackAV.JA application - was a part of the deleted object
C:\Users\Cquence\Desktop\Albums\REVERIE\REVERIE\TINASHE - REVERIE - Digital Booklet-2.pdf - error opening [4]
C:\Users\Cquence\Desktop\Albums\TINASHE - Black Water\01 Black Water.mp3 - error opening [4]
C:\Users\Cquence\Desktop\Albums\TINASHE - Black Water\02 Before the Storm.mp3 - error opening [4]
C:\Users\Cquence\Desktop\Albums\TINASHE - Black Water\03 Vulnerable (ft. Travi$ Scott).MP3 - error opening [4]
C:\Users\Cquence\Desktop\Albums\TINASHE - Black Water\04 Secret Weapon.mp3 - error opening [4]
C:\Users\Cquence\Desktop\Albums\TINASHE - Black Water\05 Video Tapes.mp3 - error opening [4]
C:\Users\Cquence\Desktop\Albums\TINASHE - Black Water\06 Midnight Sun.mp3 - error opening [4]
C:\Users\Cquence\Desktop\Albums\TINASHE - Black Water\07 1 for Me.mp3 - error opening [4]
C:\Users\Cquence\Desktop\Albums\TINASHE - Black Water\07 Daybreak.mp3 - error opening [4]
C:\Users\Cquence\Desktop\Albums\TINASHE - Black Water\09 Fugitive.mp3 - error opening [4]
C:\Users\Cquence\Desktop\Albums\TINASHE - Black Water\10 Stunt.mp3 - error opening [4]
C:\Users\Cquence\Desktop\Albums\TINASHE - Black Water\11 Just A Taste.mp3 - error opening [4]
C:\Users\Cquence\Desktop\Albums\TINASHE - Black Water\12 Middle of Nowhere.mp3 - error opening [4]
C:\Users\Cquence\Desktop\Albums\TINASHE - Black Water\13 Aint Ready....mp3 - error opening [4]
C:\Users\Cquence\Desktop\Albums\TINASHE - Black Water\Tinashe-BlackWater-BackCover.jpg - error opening [4]
C:\Users\Cquence\Desktop\Albums\TINASHE - Black Water\Tinashe-BlackWater-Cover.jpg - error opening [4]
C:\Users\Cquence\Desktop\Albums\TINASHE - Black Water\Tinashe-BlackWater-ThankYou.jpg - error opening [4]
C:\Users\Cquence\Downloads\ClickHeretoDownload-3fBjoM2.exe » NSIS » biclient.exe - Win32/Somoto.A potentially unwanted application
C:\Users\Cquence\Downloads\ESET NOD32 Antivirus v7.0.302 (64-bit ONLY)\TNOD User & Password Finder 1.4.2.3 (32 & 64Bits)\TNod-1.4.2.3-Final-Portable.rar » RAR » TNod-1.4.2.3-Final-Portable\TNODUP-Portable.exe » ZProtect - a variant of Win32/RiskWare.HackAV.JA application
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 20205.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 20404.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 20601.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 20810.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 21401.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 21670.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 21910.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 22210.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 22601.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 22801.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 23003.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 23201.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 23403.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 23415.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 23801.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 2380171.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 24008.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 24405.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 24602.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 24705.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 24802.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 26202.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 26801.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 27001.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 27201.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 27402.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 27602.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 27801.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 28001.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 28401.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 28602.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 29340.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 40401.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 40405.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 40411.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 40413.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 40415.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 40420.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 40427.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 40430.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 40443.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 40446.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 40460.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 40484.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 40486.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 40488.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 40566.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 40567.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 41302.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 41902.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 42602.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 44020.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 45406.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 50219.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 50503.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 51011.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 52503.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 53001.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 54201.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » 65501.xml - error - password-protected file
C:\Windows\Installer\457800.msi » MSI » Data1.cab » CAB » operators.zip » ZIP » VZW.xml - error - password-protected file
C:\Windows\ServiceProfiles\LocalService\ntuser.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\aee3e1d81e6ddd15626e2890dd237fc4\7c497ba190ed09be1c26a7cfb500c40e\grouping\db.mdb - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\aee3e1d81e6ddd15626e2890dd237fc4\7c497ba190ed09be1c26a7cfb500c40e\grouping\edb.log - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\aee3e1d81e6ddd15626e2890dd237fc4\7c497ba190ed09be1c26a7cfb500c40e\grouping\tmp.edb - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - error opening [4]
C:\Windows\System32\catroot2\edb.log - error opening [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\FP10StreamingMediaController[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\OEPShel_PizRol_HambH_GEN_CPN_160x600[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\player[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21SA9RE1\adchoicesicon[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21SA9RE1\d738c95ef34aa09b8963e6255e804cf4[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21SA9RE1\VpaidAdPlayer[8].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3GCOS9VR\12DVM_jky_jockey_july_160x600[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZKF1OY7\f3e7dc7a70f7e81ba505c64146455f3a[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZKF1OY7\HNCAmerFavReg_160x600_Pnl_070312_r03_fh[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZKF1OY7\watch_as3-vflohUKhE[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0KLVCRI\4d60bfde63296e16b4c9f0347f38500b[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0KLVCRI\4d60bfde63296e16b4c9f0347f38500b[3].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0KLVCRI\flash[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J54LQQAH\120501_22_UTV_TPLPlay_Suprise_89HP_LP_728x90[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N2J1CVGB\vpaidacudeo[2].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0HW5G4J\1842620215_swf_0[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0HW5G4J\1842847703_swf_0[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0HW5G4J\AppInfoShim[2].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0HW5G4J\TidalTV_AS3_API_v1_0_4[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\FP10StreamingMediaController[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\OEPShel_PizRol_HambH_GEN_CPN_160x600[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21SA9RE1\d738c95ef34aa09b8963e6255e804cf4[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21SA9RE1\VpaidAdPlayer[8].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3GCOS9VR\12DVM_jky_jockey_july_160x600[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZKF1OY7\f3e7dc7a70f7e81ba505c64146455f3a[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZKF1OY7\HNCAmerFavReg_160x600_Pnl_070312_r03_fh[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0KLVCRI\4d60bfde63296e16b4c9f0347f38500b[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0KLVCRI\flash[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0HW5G4J\1842620215_swf_0[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0HW5G4J\AppInfoShim[2].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0HW5G4J\TidalTV_AS3_API_v1_0_4[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Windows\Temp\TMP000000256DFB823947138341 - error opening [4]
C:\Documents and Settings\Cquence\Downloads\ClickHeretoDownload-3fBjoM2.exe » NSIS » biclient.exe - Win32/Somoto.A potentially unwanted application
C:\Users\Cquence\Downloads\ClickHeretoDownload-3fBjoM2.exe - error opening [4]
Number of scanned objects: 745579
Number of threats found: 13
Number of cleaned objects: 10
Time of completion: 7:51:27 AM  Total scanning time: 54620 sec (15:10:20)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.



#9 m0le

Posted 21 February 2014 - 03:24 PM

You're getting different results at different times, which means either you are being constantly reinfected after cleaning or something deeper is happening.

Let's run ComboFix and see.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#10 atcmonke

Posted 24 February 2014 - 08:29 PM

Here you go.

Attached Files



#11 atcmonke

Posted 26 February 2014 - 12:16 PM

Interestingly, Task Manager doesn't show chrome.exe in the process list but the Resource Monitor does, and I've been suspending them every once in a while. It has helped mitigate the low performance of the computer. Hope this helps somehow.

Attached Files


Edited by atcmonke, 26 February 2014 - 12:17 PM.


#12 m0le

Posted 26 February 2014 - 08:38 PM

Chrome.exe is just Chrome. Are you using Chrome as your default browser?

ComboFix removed very little and I suspect a new run of MBAM may come up clear now, so please do a new run and let me check that.

#13 atcmonke

Posted 27 February 2014 - 03:14 PM

That's the thing, Firefox is my default and I only use Chrome once and then close it for the day. Not sure why there are so many instances, but I do notice that it helped keep the computer up to speed. Here's the log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16798
Cquence :: CQUENCE2-PC [administrator]

2/27/2014 9:02:29 AM
mbam-log-2014-02-27 (09-02-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 626857
Time elapsed: 3 hour(s), 10 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Cquence\Downloads\ClickHeretoDownload-6eBOaEf.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\Cquence\Downloads\ClickHeretoDownload-fw5w2Yg.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.

(end)
 



#14 m0le

Posted 01 March 2014 - 05:31 AM

It looks like a performance problem to me. It may be that the streaming software is not the best or that your machine can't handle it. Are you having spikes any other time?

#15 atcmonke

Posted 01 March 2014 - 09:47 AM

I've since uninstalled the streaming software because of the performance issue. I do notice the ClickHereDownload malware reappearing every now and then, meaning I continually scan and remove it as I await your reply just to keep the system as clean as possible, since it is a work computer. :-/





