Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with CryptoLocker version 4 need help cleaning


  • This topic is locked This topic is locked
24 replies to this topic

#1 fredXhunger

fredXhunger

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 11 January 2015 - 01:29 PM

Hey!

I need some help cleaning up my computer after a malware attack (CryptoLocker version 4) that I got two days ago. I got some help from a forum member to sort out what sort of malware/virus I have on my computer to be able to use a decrypting program to decrypt the files that CryptoLocker encrypted, unfortunatley I apparently I got the latest verion of CryptoLocker so there's not a decryption program avalible just yet, but he told me that I should ask here for help to remove the malware properly. 
Anyone interested in helping a fool out?
 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.67.2
Run by Admin at 19:16:56 on 2015-01-11
Microsoft Windows XP Professional  5.1.2600.3.1252.46.1033.18.1014.198 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Admin\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare 8\DiskDefrag.exe
C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe
C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFTips.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171
mStart Page = about:blank
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171&q={searchTerms}
mDefault_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171&q={searchTerms}
mWinlogon: SFCDisable = dword:-99
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live inloggningshjälpen: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Advanced SystemCare Surfing Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
uRun: [Spotify Web Helper] "c:\documents and settings\admin\application data\spotify\data\SpotifyWebHelper.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Otmdics] regsvr32.exe "c:\documents and settings\admin\local settings\application data\otmdics\plugin-hang-ui.dll"
uRun: [GozuDuji] regsvr32.exe "c:\documents and settings\all users\application data\gozuduji\QuzvUhji.cpw"
uRun: [zcnecda] rundll32 "c:\documents and settings\admin\local settings\application data\zcnecda.dll",zcnecda
uRun: [Acxvworks] c:\windows\system32\regsvr32.exe "c:\documents and settings\admin\local settings\application data\asngworks\qtmzafrwrur.dll"
uRun: [Advanced SystemCare 8] "c:\program files\iobit\advanced systemcare 8\ASCTray.exe" /Auto
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\MS .NET Framework 4 - WinXP Slow Boot Fix v3.1.vbs
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: MaxRecentDocs = dword:18
uPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-Explorer: HonorAutoRunSetting = dword:0
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 193.150.193.150
TCP: Interfaces\{56B41582-DCC6-4D91-8360-F332809A5568} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{56B41582-DCC6-4D91-8360-F332809A5568} : DHCPNameServer = 193.150.193.150
TCP: Interfaces\{72B585A5-DB51-43D1-8A11-B9936049B6C7} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{8AFDAB87-78F8-47F1-BBFA-0F5C23C4E608} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{D4870E49-6298-4048-9265-F31B3775C8C3} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
Notify: zcnecda - c:\documents and settings\admin\local settings\application data\zcnecda.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: SecurityProviders = schannel.dll, credssp.dll, digest.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: >{WinXP-BE User Account Settings} - "c:\documents and settings\all users\winxp-be\Settings for new User Accounts.cmd"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 94.242.254.157 www.google-analytics.com.
Hosts: 94.242.254.157 google-analytics.com.
Hosts: 94.242.254.157 connect.facebook.net.
Hosts: 192.99.206.115 www.google-analytics.com.
Hosts: 192.99.206.115 google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\dqumv166.default\
FF - prefs.js: browser.search.selectedEngine - sweet-page
FF - prefs.js: browser.startup.homepage - hxxp://www.sweet-page.com/?type=hp&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\sumatrapdf\npPdfViewer.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
---- FIREFOX POLICIES ----
user_pref(extensions.autoDisableScopes,14);
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: dom.disable_window_status_change - true
.
============= SERVICES / DRIVERS ===============
.
R0 iastor9;iastor9;c:\windows\system32\drivers\iastor9.sys [2014-8-18 471360]
R1 SMR430;Symantec SMR Utility Service 4.3.0;c:\windows\system32\drivers\SMR430.SYS [2015-1-9 104120]
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files\iobit\advanced systemcare 8\ASCService.exe [2015-1-9 815392]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2015-1-9 344896]
R2 PaceLicenseDServices;PACE License Services;c:\program files\common files\pace\services\licenseservices\LDSvc.exe [2012-5-18 2938880]
R2 TeamViewer;TeamViewer 10;c:\program files\teamviewer\TeamViewer_Service.exe [2015-1-11 5426448]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2011-6-4 117584]
R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp32.sys [2015-1-10 50200]
R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2015-1-9 247968]
R3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2014-8-19 98504]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2015-1-9 31776]
R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2015-1-9 17360]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2015-1-9 2633024]
S2 sesvc;ShadowExplorer Service;c:\program files\shadowexplorer\sesvc.exe [2015-1-10 9216]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2014-8-19 1691480]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2014-9-6 18944]
SUnknown IePluginServices;IePluginServices; [x]
.
=============== Created Last 30 ================
.
2015-01-11 18:06:50 -------- d-----w- c:\documents and settings\admin\local settings\application data\TeamViewer
2015-01-11 17:14:23 -------- d-----w- c:\windows\system32\XPSViewer
2015-01-11 17:08:51 -------- d-----w- c:\program files\TeamViewer
2015-01-10 20:45:06 -------- d-----w- C:\EEK
2015-01-10 08:14:24 -------- d-----w- c:\program files\ShadowExplorer
2015-01-10 07:44:12 282112 ----a-w- c:\windows\system32\TBD144.tmp
2015-01-09 23:36:24 -------- d--h--r- C:\AHCache
2015-01-09 23:13:04 138268 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\temp\tmpBF.exe
2015-01-09 22:57:26 271136 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\temp\tmp91.exe
2015-01-09 22:52:29 -------- d-----w- c:\documents and settings\admin\application data\ProductData
2015-01-09 22:51:09 -------- d-----w- c:\documents and settings\admin\AppData
2015-01-09 22:50:53 -------- d-----w- c:\documents and settings\all users\application data\ProductData
2015-01-09 22:50:31 -------- d-----w- c:\documents and settings\admin\LocalLow
2015-01-09 22:50:30 -------- d-----w- c:\documents and settings\all users\application data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-09 22:50:23 -------- d-----w- c:\program files\common files\IObit
2015-01-09 22:50:23 -------- d-----w- c:\documents and settings\all users\application data\IObit
2015-01-09 22:50:03 -------- d-----w- c:\program files\IObit
2015-01-09 22:50:01 -------- d-----w- c:\documents and settings\admin\application data\IObit
2015-01-09 22:41:47 20 ----a-w- c:\windows\system32\drivers\SMR430.dat
2015-01-09 22:41:47 104120 ----a-w- c:\windows\system32\drivers\SMR430.SYS
2015-01-09 22:23:10 -------- d-----w- c:\documents and settings\admin\local settings\application data\NPE
2015-01-09 22:23:09 -------- d-----w- c:\documents and settings\all users\application data\Norton
2015-01-09 22:08:48 179600 ----a-w- c:\windows\system32\mfevtps.exe.0694.deleteme
2015-01-09 21:40:04 -------- d-----w- C:\Quarantine
2015-01-09 21:38:10 179600 ----a-w- c:\windows\system32\mfevtps.exe.4413.deleteme
2015-01-09 21:33:58 -------- d-----w- c:\program files\stinger
2015-01-08 21:55:22 54525952 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\cachedicons\data\b07006a1eeadc2069604372e36047a9b\Nero Burning Rom.exe
2015-01-08 21:55:22 54525952 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\cachedicons\data\a108bfcdf2eb94e18941d5ce3e6741c3\Photo Builder Platinum.exe
2015-01-08 21:55:22 54525952 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\cachedicons\data\985dad9693e28798a31bfa21c4fd7506\Iron Speed Designer.exe
2015-01-08 21:55:22 54525952 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\cachedicons\data\96ab45b578bc860e933cae310d2363ce\Expressivo.exe
2015-01-08 21:55:22 54525952 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\cachedicons\data\95010cf3a500455856e8a7b6f5b0002e\Drumagog.exe
2015-01-08 21:55:22 54525952 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\cachedicons\data\8121bb898c1381151afeef5775156929\KMPlayer.exe
2015-01-08 21:55:22 54525952 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\cachedicons\data\7aeaf46c38b871dbaf6fd53de148f4bf\VIPRE Internet Security.exe
2015-01-08 21:55:22 54525952 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\cachedicons\data\775ac99fee31593774d9bcbc8cc87587\iZotope Ozone.exe
2015-01-08 21:55:22 54525952 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\cachedicons\data\72d328ce205f8949cc769727df068d49\NetSupport School.exe
2015-01-08 21:55:22 54525952 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\cachedicons\data\653adebd49bb6a1f2457e81a1297390d\Portrait Professional.exe
2015-01-08 21:55:22 54525952 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\cachedicons\data\49a7f87925e6e6b9eaf24517160f17e1\ESET Smart Security.exe
2015-01-08 21:55:22 54525952 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\cachedicons\data\0bae1e5b4c0e67df8189d527f93c9f2b\YouWave for Android.exe
2015-01-08 21:35:23 -------- d-----w- c:\documents and settings\admin\application data\WinCL
2015-01-08 21:19:23 12582912 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\cachedicons\data\7dca7b919c2684524c9f6ad02218e49a\Total Codec Pack.exe
2015-01-08 21:19:23 12582912 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\cachedicons\data\3c12717f2ec842c3c67defa37ddbe78f\Total Codec Pack.exe
2015-01-07 22:50:07 12582912 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\cachedicons\data\eb76e87b9c2822b8342fd3d8f90cc6bc\WMP x264 Codec Pack.exe
2015-01-03 22:24:56 129728 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\temp\tmp954.exe
2015-01-02 19:16:33 138268 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\temp\tmp895.exe
2015-01-01 22:09:01 493395 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\temp\tmp806.exe
2015-01-01 21:54:53 316928 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\temp\tmp7D1.exe
2014-12-31 00:59:10 138268 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\temp\tmp2C6.exe
2014-12-30 21:48:27 550123 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\temp\tmp254.exe
2014-12-30 21:42:49 37888 ----a-w- c:\documents and settings\admin\local settings\application data\zcnecda.dll
2014-12-30 21:42:48 -------- d-----w- c:\documents and settings\all users\application data\GozuDuji
2014-12-30 21:34:18 -------- d-----w- c:\documents and settings\admin\local settings\application data\Otmdics
2014-12-30 21:33:31 -------- d-----w- c:\documents and settings\admin\local settings\application data\Asngworks
2014-12-30 21:33:24 310784 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\temp\tmp244.exe
2014-12-30 20:47:27 1484800 ----a-w- c:\documents and settings\all users\application data\microsoft\secure\icons\IconsCacheHelper.dll
2014-12-28 22:15:25 -------- d-----w- c:\program files\AVI MP4 Converter 5
2014-12-28 22:14:12 -------- d-----w- c:\documents and settings\all users\application data\1803528019
2014-12-28 22:13:37 -------- d-sh--w- c:\documents and settings\admin\PrivacIE
2014-12-28 22:02:54 -------- d-----w- c:\documents and settings\admin\application data\convertaudiofree
2014-12-28 22:01:48 -------- d-----w- c:\documents and settings\all users\application data\IePluginServices
2014-12-28 22:01:45 -------- d-----w- c:\documents and settings\admin\local settings\application data\Opera Software
2014-12-28 22:01:28 -------- d-----w- c:\documents and settings\admin\application data\Opera Software
2014-12-28 22:00:38 -------- d-----w- c:\documents and settings\admin\application data\sweet-page
.
==================== Find3M  ====================
.
2014-11-26 15:56:07 420864 ----a-w- c:\windows\system32\vbscript.dll
2014-11-19 03:31:16 1217192 ----a-w- c:\windows\system32\FM20.DLL
2014-11-17 18:13:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-11-17 18:13:14 19456 ----a-w- c:\windows\system32\corpol.dll
2014-11-17 18:13:14 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-17 17:47:02 385024 ----a-w- c:\windows\system32\html.iec
2014-11-17 09:13:16 920064 ----a-w- c:\windows\system32\wininet.dll
2014-10-25 01:04:09 301568 ----a-w- c:\windows\system32\kerberos.dll
2014-10-18 01:17:56 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 19:18:35,81 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:36 PM

Posted 11 January 2015 - 01:35 PM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Lets get going now :thumbup2:

==========================
 
Hi fredXhunger,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 fredXhunger

fredXhunger
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 11 January 2015 - 01:51 PM

Hey Toffee, thank you sooo much for helping me out. I'm a complete fool when it comes to stuff like this, and my computer is probably the worst piece of bleep you can find, but I just want to make sure it's clean and hopefully get my encrypted files back some day. Anyways, here's the two documents, and let me know if I missed something or did something wrong:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-01-2015
Ran by Admin (administrator) on WXPPX86BE-0296 on 11-01-2015 19:50:22
Running from C:\Documents and Settings\Admin\My Documents\Downloads
Loaded Profile: Admin (Available profiles: Admin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\WINDOWS\system32\TaskSwitch.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Documents and Settings\Admin\Application Data\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(PACE Anti-Piracy, Inc.) C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\DiskDefrag.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFTips.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [CoolSwitch] => C:\WINDOWS\system32\taskswitch.exe [45632 2002-03-19] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20053608 2011-05-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5243712 2014-12-18] (IObit)
Winlogon\Notify\zcnecda: C:\Documents and Settings\Admin\Local Settings\Application Data\zcnecda.dll ()
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [Spotify Web Helper] => C:\Documents and Settings\Admin\Application Data\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-27] (Spotify Ltd)
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [Otmdics] => regsvr32.exe "C:\Documents and Settings\Admin\Local Settings\Application Data\Otmdics\plugin-hang-ui.dll"
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [GozuDuji] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\GozuDuji\QuzvUhji.cpw"
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [zcnecda] => rundll32 "C:\Documents and Settings\Admin\Local Settings\Application Data\zcnecda.dll",zcnecda
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [Acxvworks] => C:\WINDOWS\system32\regsvr32.exe "C:\Documents and Settings\Admin\Local Settings\Application Data\Asngworks\qtmzafrwrur.dll"
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2427680 2014-12-10] (IObit)
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Policies\Explorer: [MaxRecentDocs] 18
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\MountPoints2: V - V:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
SecurityProviders: schannel.dll, credssp.dll, digest.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MS .NET Framework 4 - WinXP Slow Boot Fix v3.1.vbs ()
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171
SearchScopes: HKU\S-1-5-21-1844237615-1801674531-527237240-1003 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-1801674531-527237240-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-1801674531-527237240-1003 -> {D671275A-5E31-42B8-924E-2DDF8CC2EADB} URL = https://duckduckgo.com/?q={searchTerms}&kp=-1
SearchScopes: HKU\S-1-5-21-1844237615-1801674531-527237240-1003 -> {F83B7E7A-688A-47DA-A9E5-A40D9E15266B} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live inloggningshjälpen -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 193.150.193.150
Tcpip\..\Interfaces\{56B41582-DCC6-4D91-8360-F332809A5568}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{72B585A5-DB51-43D1-8A11-B9936049B6C7}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8AFDAB87-78F8-47F1-BBFA-0F5C23C4E608}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D4870E49-6298-4048-9265-F31B3775C8C3}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default
FF NewTab: hxxp://www.sweet-page.com/newtab/?type=nt&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171
FF DefaultSearchEngine: sweet-page
FF SelectedSearchEngine: sweet-page
FF Homepage: hxxp://www.sweet-page.com/?type=hp&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sweet-page.xml
FF Extension: Fast Start - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\Extensions\faststartff@gmail.com [2014-12-28]
FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\Extensions\iobitascsurfingprotection@iobit.com [2015-01-09]
FF Extension: EngUKWrdBrk Class - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\Extensions\{363C2C69-AC9F-1F3E-E010-768FA0D1844A} [2014-12-30]
FF Extension: No Name - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\Extensions\{2b4f8230-394e-4951-9495-bafd44d837da}.xpi [2014-12-28]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\extensions\faststartff@gmail.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-10]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://se.search.yahoo.com/?type=198484&fr=spigot-yhp-ie
CHR StartupUrls: Default -> "https://www.facebook.com/", "https://mail.google.com/mail/u/0/#inbox", "https://dub129.mail.live.com/default.aspx?id=64855", "hxxp://www.sweet-page.com/?type=hp&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Dokument) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (YouTube) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Adblock for Youtube™) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-08-19]
CHR Extension: (Sök på Google) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (AdBlock) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-19]
CHR Extension: (FastestFox for Chrome) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-08-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]
CHR Extension: (Gmail) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-08-19] (Macrovision Europe Ltd.) [File not signed]
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-12-12] (IObit)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2633024 2014-12-12] (IObit)
R2 PaceLicenseDServices; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
S2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-14] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{6F25DCD6-988B-408C-9CB0-E4F6ACC922C0}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [2158848 2013-11-27] (Atheros Communications, Inc.)
R3 BazisVirtualCDBus; C:\WINDOWS\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-01-11] (Emsisoft GmbH)
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [247968 2014-11-10] (IObit)
R0 iastor9; C:\WINDOWS\system32\Drivers\iastor9.sys [471360 2014-07-14] (Intel Corporation)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [98504 2013-06-20] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [31776 2014-11-10] (IObit.com)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)
R1 SMR430; C:\WINDOWS\System32\drivers\SMR430.SYS [104120 2015-01-09] (Symantec Corporation)
R0 TPkd; C:\WINDOWS\system32\Drivers\TPkd.sys [93336 2012-05-16] (PACE Anti-Piracy, Inc.)
R3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [17360 2014-11-10] (IObit.com)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
U3 mbr; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-11 19:49 - 2015-01-11 19:50 - 00000000 ____D () C:\FRST
2015-01-11 19:18 - 2015-01-11 19:18 - 00020597 _____ () C:\Documents and Settings\Admin\Desktop\dds.txt
2015-01-11 19:18 - 2015-01-11 19:18 - 00009121 _____ () C:\Documents and Settings\Admin\Desktop\attach.txt
2015-01-11 19:14 - 2015-01-11 19:14 - 00688992 ____R (Swearware) C:\Documents and Settings\Admin\Desktop\dds.com
2015-01-11 19:06 - 2015-01-11 19:06 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\TeamViewer
2015-01-11 18:14 - 2015-01-11 18:14 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2015-01-11 18:14 - 2015-01-11 18:14 - 00000000 ____D () C:\Program Files\MSBuild
2015-01-11 18:09 - 2015-01-11 18:09 - 00000706 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk
2015-01-11 18:09 - 2015-01-11 18:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-01-11 18:08 - 2015-01-11 19:06 - 00000000 ____D () C:\Program Files\TeamViewer
2015-01-10 21:46 - 2015-01-11 18:56 - 00000637 _____ () C:\Documents and Settings\Admin\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-10 21:45 - 2015-01-11 18:56 - 00000000 ____D () C:\EEK
2015-01-10 09:14 - 2015-01-10 09:14 - 00001560 _____ () C:\Documents and Settings\Admin\Desktop\ShadowExplorer.lnk
2015-01-10 09:14 - 2015-01-10 09:14 - 00000000 ____D () C:\Program Files\ShadowExplorer
2015-01-10 09:14 - 2015-01-10 09:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ShadowExplorer
2015-01-10 09:06 - 2015-01-10 09:06 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-01-10 08:44 - 2008-07-30 01:34 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TBD144.tmp
2015-01-10 00:37 - 2015-01-11 18:34 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-01-10 00:36 - 2015-01-10 00:36 - 00000000 __RHD () C:\AHCache
2015-01-10 00:19 - 2015-01-10 00:34 - 00009045 _____ () C:\WINDOWS\setupapi.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00006638 _____ () C:\WINDOWS\iis6.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00006182 _____ () C:\WINDOWS\FaxSetup.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00003489 _____ () C:\WINDOWS\ocgen.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00002822 _____ () C:\WINDOWS\tsoc.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00002062 _____ () C:\WINDOWS\comsetup.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00001878 _____ () C:\WINDOWS\msmqinst.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00001374 _____ () C:\WINDOWS\imsins.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3013410$
2015-01-10 00:19 - 2015-01-10 00:19 - 00000000 ____D () C:\WINDOWS\LastGood
2015-01-10 00:19 - 2015-01-10 00:19 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00000000 _____ () C:\WINDOWS\setupact.log
2015-01-10 00:07 - 2015-01-10 00:07 - 23191552 _____ () C:\WINDOWS\system32\config\software.iobit
2015-01-10 00:07 - 2015-01-10 00:07 - 00237568 _____ () C:\WINDOWS\system32\config\default.iobit
2015-01-10 00:07 - 2015-01-10 00:07 - 00049152 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-01-10 00:07 - 2015-01-10 00:07 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-01-09 23:52 - 2015-01-09 23:52 - 00000280 _____ () C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job
2015-01-09 23:52 - 2015-01-09 23:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
2015-01-09 23:52 - 2015-01-09 23:52 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\ProductData
2015-01-09 23:51 - 2015-01-09 23:51 - 00000881 _____ () C:\Documents and Settings\All Users\Desktop\IObit Uninstaller.lnk
2015-01-09 23:50 - 2015-01-09 23:53 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\IObit
2015-01-09 23:50 - 2015-01-09 23:52 - 00000000 ____D () C:\Program Files\IObit
2015-01-09 23:50 - 2015-01-09 23:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2015-01-09 23:50 - 2015-01-09 23:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2015-01-09 23:50 - 2015-01-09 23:50 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-01-09 23:50 - 2015-01-09 23:50 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-01-09 23:50 - 2015-01-09 23:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 8
2015-01-09 23:50 - 2015-01-09 23:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-09 23:41 - 2015-01-09 23:42 - 00104120 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR430.SYS
2015-01-09 23:41 - 2015-01-09 23:42 - 00000020 _____ () C:\WINDOWS\system32\Drivers\SMR430.dat
2015-01-09 23:38 - 2015-01-09 23:38 - 00001506 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.bak
2015-01-09 23:23 - 2015-01-09 23:42 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\NPE
2015-01-09 23:23 - 2015-01-09 23:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2015-01-09 23:08 - 2015-01-09 23:08 - 00179600 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe.0694.deleteme
2015-01-09 22:40 - 2015-01-09 22:40 - 00000000 ____D () C:\Quarantine
2015-01-09 22:38 - 2015-01-09 22:38 - 00179600 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe.4413.deleteme
2015-01-09 22:33 - 2015-01-09 23:24 - 00000000 ____D () C:\Program Files\stinger
2015-01-08 22:40 - 2015-01-08 22:40 - 00343784 _____ () C:\Documents and Settings\Admin\enc_files.txt
2015-01-08 22:35 - 2015-01-11 18:46 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\WinCL
2014-12-30 22:42 - 2014-12-30 22:42 - 00037888 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\zcnecda.dll
2014-12-30 22:42 - 2014-12-30 22:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GozuDuji
2014-12-30 22:34 - 2014-12-30 22:34 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\Otmdics
2014-12-30 22:33 - 2015-01-09 22:40 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\Asngworks
2014-12-30 21:48 - 2015-01-11 18:09 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-12-28 23:15 - 2014-12-28 23:15 - 00000747 _____ () C:\Documents and Settings\All Users\Desktop\AVI MP4 Converter.lnk
2014-12-28 23:15 - 2014-12-28 23:15 - 00000000 ____D () C:\Program Files\AVI MP4 Converter 5
2014-12-28 23:15 - 2014-12-28 23:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVI MP4 Converter
2014-12-28 23:14 - 2014-12-28 23:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\1803528019
2014-12-28 23:13 - 2014-12-28 23:13 - 00000000 __SHD () C:\Documents and Settings\Admin\PrivacIE
2014-12-28 23:06 - 2014-12-28 23:06 - 00000000 ____D () C:\Documents and Settings\Admin\My Documents\Optimizer Pro
2014-12-28 23:02 - 2014-12-28 23:02 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\convertaudiofree
2014-12-28 23:01 - 2014-12-28 23:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IePluginServices
2014-12-28 23:01 - 2014-12-28 23:01 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\Opera Software
2014-12-28 23:01 - 2014-12-28 23:01 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Opera Software
2014-12-28 23:00 - 2014-12-28 23:00 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\sweet-page
2014-12-28 22:59 - 2014-12-28 23:13 - 00000000 ____D () C:\Program Files\Opera
2014-12-26 20:35 - 2014-12-26 20:35 - 00000000 _____ () C:\Documents and Settings\Admin\Desktop\New Text Document.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-11 19:51 - 2014-08-19 07:08 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Temp
2015-01-11 19:15 - 2014-08-18 22:42 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-11 19:14 - 2014-08-19 08:53 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-11 18:31 - 2014-08-19 07:02 - 01301372 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-11 18:24 - 2014-08-19 01:56 - 00489254 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-10 21:14 - 2014-08-19 08:53 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 19:14 - 2014-08-19 07:08 - 00032506 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-10 00:19 - 2014-08-19 06:48 - 00012834 _____ () C:\WINDOWS\system32\TZLog.log
2015-01-10 00:17 - 2014-08-19 09:18 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\BitTorrent
2015-01-10 00:07 - 2014-08-19 07:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-10 00:07 - 2014-08-19 07:07 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-09 23:51 - 2014-09-06 09:52 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Apple Computer
2015-01-09 23:51 - 2014-08-19 07:08 - 00000000 ____D () C:\Documents and Settings\Admin
2015-01-09 23:40 - 2014-08-19 01:59 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2015-01-09 23:40 - 2014-08-19 01:59 - 00000048 ____N () C:\WINDOWS\wiaservc.log
2015-01-09 23:39 - 2014-08-19 07:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-09 23:38 - 2014-08-19 07:08 - 00000178 ___SH () C:\Documents and Settings\Admin\ntuser.ini
2015-01-09 23:38 - 2014-08-19 01:52 - 00000211 _____ () C:\boot.ini
2015-01-09 23:26 - 2014-08-18 22:44 - 00002184 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-09 22:23 - 2014-08-19 06:56 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Spotify
2015-01-09 21:08 - 2014-08-19 06:57 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\Spotify
2015-01-08 22:40 - 2014-12-09 20:28 - 81172205 _____ () C:\Documents and Settings\Admin\Desktop\Fredag den 13e Kladd.rar
2015-01-08 22:40 - 2014-12-09 20:28 - 80122265 _____ () C:\Documents and Settings\Admin\Desktop\Lack of Loud Mix 2.rar
2015-01-08 22:40 - 2014-12-09 20:28 - 20538259 _____ () C:\Documents and Settings\Admin\Desktop\PW Kladd.rar
2014-12-31 20:34 - 2014-08-19 07:01 - 00000000 ____D () C:\WINDOWS\system32\Restore
 
Some content of TEMP:
====================
C:\Documents and Settings\Admin\Local Settings\Temp\DotNetFx20Client_Package_x86.exe
C:\Documents and Settings\Admin\Local Settings\Temp\DotNetFx30Client_Package_x86.exe
C:\Documents and Settings\Admin\Local Settings\Temp\DotNetFx35Client_Package_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-01-2015
Ran by Admin at 2015-01-11 19:52:03
Running from C:\Documents and Settings\Admin\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Alt-Tab Task Switcher Powertoy for Windows XP (HKLM\...\{A7050037-F0EA-4BAB-BCD5-FC05507D6147}) (Version: 1.00.0001 - Microsoft Corporation)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programstöd (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
AVI MP4 Converter v5.5 build 1147 (HKLM\...\{79298443-6833-4E5C-979B-EAAED05E6EA8}_is1) (Version:  - Hoo Technologies)
BitLocker To Go Reader (HKLM\...\KB970401) (Version:  - Microsoft Corporation)
BitTorrent (HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
ClearType Tuning Control Panel Applet (HKLM\...\{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}) (Version: 1.01.0000 - Microsoft Corporation)
ContextConsole Shell Extension (x86-32) (HKLM\...\CmdOpen Shell Extension) (Version: 2.1.0.1 - Kai Liu)
DigiHelp (HKLM\...\DigiHelp) (Version: 2014.12.28.182146 - DigiHelp) <==== ATTENTION!
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 6.14.10.5260 - Intel Corporation)
IObit Malware Fighter 3 Beta (HKLM\...\IObit Malware Fighter_is1) (Version: 3.0 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.1.6.25 - IObit)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Jagged Alliance 2 Gold (HKLM\...\Jagged Alliance 2 Gold) (Version:  - )
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 10.6.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
License Support (HKLM\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
License Support (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework Client Profile - PREVIEW (HKLM\...\Microsoft.Net.Client.3.5) (Version: 3.5 - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM\...\PowerISO) (Version: 5.8 - Power Software Ltd)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6373 - Realtek Semiconductor Corp.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShadowExplorer 0.9 (HKLM\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
SumatraPDF 2.5.2 (HKLM\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
sweet-page uninstall (HKLM\...\sweet-page uninstall) (Version:  - sweet-page) <==== ATTENTION
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinCDEmu (HKLM\...\WinCDEmu) (Version: 3.6 - Bazis)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live inloggningsassistenten (HKLM\...\{0E93710D-31E5-477C-8A4B-5032B484BE74}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Visual C++ Redistributables (HKLM\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1844237615-1801674531-527237240-1003_Classes\CLSID\{3D3B1846-CC43-42ae-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll (Simon Bünzli)
CustomCLSID: HKU\S-1-5-21-1844237615-1801674531-527237240-1003_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll (Simon Bünzli)
 
==================== Restore Points  =========================
 
09-01-2015 23:37:53 Norton_Power_Eraser_20150109233748500
10-01-2015 00:19:38 Installed Windows XP KB3013410.
11-01-2015 18:01:36 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-08-18 22:42 - 2015-01-11 18:09 - 00001509 _RASH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
94.242.254.157 www.google-analytics.com.
94.242.254.157 google-analytics.com.
94.242.254.157 connect.facebook.net.
192.99.206.115 www.google-analytics.com.
192.99.206.115 google-analytics.com.
192.99.206.115 connect.facebook.net.
185.53.9.209 www.google-analytics.com.
185.53.9.209 google-analytics.com.
185.53.9.209 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-12-30 22:42 - 2014-12-30 22:42 - 00037888 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\zcnecda.dll
2014-12-30 21:47 - 2014-12-30 21:47 - 01804288 _____ () C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-12-30 22:34 - 2014-12-30 22:34 - 01291776 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\Otmdics\plugin-hang-ui.dll
2014-12-30 21:47 - 2014-12-30 21:47 - 01484800 _____ () C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\IconsCacheHelper.dll
2002-03-19 23:30 - 2002-03-19 23:30 - 00045632 _____ () C:\WINDOWS\system32\taskswitch.exe
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-30 23:23 - 2014-12-30 23:23 - 01294848 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\Asngworks\qtmzafrwrur.dll
2015-01-09 23:50 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll
2015-01-09 23:50 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll
2015-01-09 23:50 - 2014-12-10 09:14 - 01284896 _____ () C:\Program Files\IObit\Advanced SystemCare 8\Scan.dll
2015-01-09 23:50 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-01-09 23:50 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-01-09 23:50 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2015-01-09 23:50 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files\IObit\Advanced SystemCare 8\ProductStatistics.dll
2015-01-09 23:50 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2015-01-09 23:50 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2015-01-09 23:50 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-01-09 23:52 - 2014-11-22 16:10 - 00516440 _____ () C:\Program Files\IObit\IObit Malware Fighter\sqlite3.dll
2015-01-09 23:52 - 2014-11-10 18:48 - 00182080 _____ () C:\Program Files\IObit\IObit Malware Fighter\unrar.dll
2015-01-09 23:52 - 2014-11-10 18:48 - 00145216 _____ () C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
2014-08-18 22:42 - 2008-04-14 15:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2014-08-18 22:43 - 2008-04-14 15:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-12-22 16:34 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-22 16:34 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-08-19 09:15 - 2014-02-10 12:44 - 04592128 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-08-19 09:15 - 2014-02-10 12:44 - 00112128 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Admin (S-1-5-21-1844237615-1801674531-527237240-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Admin
Administrator (S-1-5-21-1844237615-1801674531-527237240-500 - Administrator - Disabled)
Guest (S-1-5-21-1844237615-1801674531-527237240-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1844237615-1801674531-527237240-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1844237615-1801674531-527237240-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/11/2015 07:14:30 PM) (Source: MsiInstaller) (EventID: 11260) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1260. Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.
(NULL)(NULL)(NULL)(NULL)
 
Error: (01/11/2015 06:33:34 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Printing, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
 
Error: (01/11/2015 06:33:24 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020
 
Error: (01/11/2015 06:32:42 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
 
Error: (01/11/2015 06:32:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: PresentationUI, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
 
Error: (01/11/2015 06:31:07 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: PresentationCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
 
Error: (01/11/2015 06:29:56 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
 
Error: (01/11/2015 06:29:13 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: PresentationFontCache, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
 
Error: (01/11/2015 06:19:42 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Speech, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
 
Error: (01/11/2015 06:19:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020
 
 
System errors:
=============
Error: (01/10/2015 06:55:43 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.0.12 on the
Network Card with network address 742F68EC7597.
 
Error: (01/10/2015 09:15:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ShadowExplorer Service service failed to start due to the following error: 
%%1053
 
Error: (01/10/2015 09:15:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the ShadowExplorer Service service to connect.
 
Error: (01/09/2015 11:40:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WindowsMangerProtect Service service failed to start due to the following error: 
%%193
 
Error: (01/09/2015 11:40:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IePlugin Services service failed to start due to the following error: 
%%193
 
Error: (01/09/2015 11:32:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
iastor9
 
Error: (01/09/2015 11:32:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WindowsMangerProtect Service service failed to start due to the following error: 
%%193
 
Error: (01/09/2015 11:32:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IePlugin Services service failed to start due to the following error: 
%%193
 
Error: (01/09/2015 11:26:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
iastor9
 
Error: (01/09/2015 11:26:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WindowsMangerProtect Service service failed to start due to the following error: 
%%193
 
 
Microsoft Office Sessions:
=========================
Error: (01/11/2015 07:14:30 PM) (Source: MsiInstaller) (EventID: 11260) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1260. Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.
(NULL)(NULL)(NULL)(NULL)
 
Error: (01/11/2015 06:33:34 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Printing, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 
System.Printing, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (01/11/2015 06:33:24 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020 
System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
 
Error: (01/11/2015 06:32:42 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020 
System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 
Error: (01/11/2015 06:32:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: PresentationUI, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 
PresentationUI, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (01/11/2015 06:31:07 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: PresentationCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 
PresentationCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (01/11/2015 06:29:56 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 
WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (01/11/2015 06:29:13 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: PresentationFontCache, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 
PresentationFontCache, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (01/11/2015 06:19:42 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Speech, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 
System.Speech, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (01/11/2015 06:19:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020 
System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Atom™ CPU N570 @ 1.66GHz
Percentage of memory in use: 58%
Total physical RAM: 1014.04 MB
Available physical RAM: 421.04 MB
Total Pagefile: 2435.34 MB
Available Pagefile: 1151.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.56 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:48.83 GB) (Free:2.56 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Fred) (Fixed) (Total:249.26 GB) (Free:190.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 00012276)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=249.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:36 PM

Posted 11 January 2015 - 03:32 PM

Hi fredXhunger,
 
Your system is quite badly infected, but we will get it cleaned it up :)
 
--------------
 
Have you changed your host file?
 
--------------
 
We need to remove programs using "Add/Remove Programs"

Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

Advanced SystemCare 8
DigiHelp
sweet-page uninstall

Additional instructions can be found here if needed.
 
--------------
 
We need to run a fix with FRST:

  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:​
Winlogon\Notify\zcnecda: C:\Documents and Settings\Admin\Local Settings\Application Data\zcnecda.dll ()
C:\Documents and Settings\Admin\Local Settings\Application Data\zcnecda.dll

HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [Otmdics] => regsvr32.exe "C:\Documents and Settings\Admin\Local Settings\Application Data\Otmdics\plugin-hang-ui.dll"
C:\Documents and Settings\Admin\Local Settings\Application Data\Otmdics
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [GozuDuji] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\GozuDuji\QuzvUhji.cpw"
C:\Documents and Settings\All Users\Application Data\GozuDuji
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [zcnecda] => rundll32 "C:\Documents and Settings\Admin\Local Settings\Application Data\zcnecda.dll",zcnecda
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [Acxvworks] => C:\WINDOWS\system32\regsvr32.exe "C:\Documents and Settings\Admin\Local Settings\Application Data\Asngworks\qtmzafrwrur.dll"
C:\Documents and Settings\Admin\Local Settings\Application Data\Asngworks
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
2015-01-10 08:44 - 2008-07-30 01:34 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TBD144.tmp
Folder: C:\Documents and Settings\Admin\PrivacIE
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Answer to hosts question
  • Fixlog.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 fredXhunger

fredXhunger
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 11 January 2015 - 04:08 PM

Hey again, thanks for the help. 
No, I haven't changed my host files.
Here's the fixlog:
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-01-2015
Ran by Admin at 2015-01-11 22:03:55 Run:1
Running from C:\Documents and Settings\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Winlogon\Notify\zcnecda: C:\Documents and Settings\Admin\Local Settings\Application Data\zcnecda.dll ()
C:\Documents and Settings\Admin\Local Settings\Application Data\zcnecda.dll
 
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [Otmdics] => regsvr32.exe "C:\Documents and Settings\Admin\Local Settings\Application Data\Otmdics\plugin-hang-ui.dll"
C:\Documents and Settings\Admin\Local Settings\Application Data\Otmdics
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [GozuDuji] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\GozuDuji\QuzvUhji.cpw"
C:\Documents and Settings\All Users\Application Data\GozuDuji
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [zcnecda] => rundll32 "C:\Documents and Settings\Admin\Local Settings\Application Data\zcnecda.dll",zcnecda
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [Acxvworks] => C:\WINDOWS\system32\regsvr32.exe "C:\Documents and Settings\Admin\Local Settings\Application Data\Asngworks\qtmzafrwrur.dll"
C:\Documents and Settings\Admin\Local Settings\Application Data\Asngworks
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
2015-01-10 08:44 - 2008-07-30 01:34 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TBD144.tmp
Folder: C:\Documents and Settings\Admin\PrivacIE
*****************
 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zcnecda" => Key deleted successfully.
C:\Documents and Settings\Admin\Local Settings\Application Data\zcnecda.dll => Moved successfully.
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Otmdics => value deleted successfully.
C:\Documents and Settings\Admin\Local Settings\Application Data\Otmdics => Moved successfully.
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Run\\GozuDuji => value deleted successfully.
C:\Documents and Settings\All Users\Application Data\GozuDuji => Moved successfully.
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Run\\zcnecda => value deleted successfully.
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Acxvworks => value deleted successfully.
C:\Documents and Settings\Admin\Local Settings\Application Data\Asngworks => Moved successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider" => Key deleted successfully.
"HKCR\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}" => Key deleted successfully.
 
"C:\Documents and Settings\All Users\Application Data\Microsoft\Secure" directory move:
 
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\SecureIconsProvider.dll" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp2.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp240.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp244.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp244.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp254.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp254.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp2A.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp2A.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp2C6.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp2C6.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp471.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp54.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp54.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp6.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp7.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp765.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp7D1.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp7D1.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp806.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp806.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp895.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp895.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp91.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp91.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp945.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp954.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmp954.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmpBF.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\tmpBF.tmp => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\{0E3107F8-0381-663A-19AF-63B38BFD7243} => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\temp\{7CBC9CC1-0D55-4EC5-B7B7-A2EF27BB1956} => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\00a55acdb577550bff00d85cfe76c39f" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\34363e8fef4a21563825b6de06217745 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\34a398fb6c571d1c4d38e5f036bbe84e => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\5af844afa530296eee190488713a4683 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\64a1025bf5f20dc0a452a7f2baddab99 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\6df28ba66161ee6c0352c43eca6c22a5 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\78b23f1a261bcc6e815b4dee779a1876 => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\8bb65f1fd0e15a536ee579a54dd0f038" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\dbadf687331785c824ea9f609eee1831" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\zepplauncher.mif => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\fd0906d1b9a29f743942a8f2ba1cf356\Pompeii 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\fd0906d1b9a29f743942a8f2ba1cf356\Pompeii 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\fd0906d1b9a29f743942a8f2ba1cf356\Total Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\fb0d1e515805b2c6c72d7f084bd72d82\Snowpiercer 2013.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\fb0d1e515805b2c6c72d7f084bd72d82\Snowpiercer 2013.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\fb0d1e515805b2c6c72d7f084bd72d82\Total Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\fa0312874982058f2a37031f943de8af\Jupiter Ascending 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\fa0312874982058f2a37031f943de8af\Jupiter Ascending 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\fa0312874982058f2a37031f943de8af\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\f9c565585bd21f38ecc4698ca16d164e\PDF-ShellTools.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\f9c565585bd21f38ecc4698ca16d164e\PDF-ShellTools.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\f864323b342861f1b5820d62a2e9a41c\Star Wars Episode VII - The Force Awakens 2015.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\f864323b342861f1b5820d62a2e9a41c\Star Wars Episode VII - The Force Awakens 2015.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\f864323b342861f1b5820d62a2e9a41c\Total Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\f638dd3eacdb1c7fbc1fd950c36dbfb7\APE Ripper.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\f638dd3eacdb1c7fbc1fd950c36dbfb7\APE Ripper.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\f21c6b4a4bfd1ea6df2a86b30a382a0f\HyperTerminal Private Edition.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\f21c6b4a4bfd1ea6df2a86b30a382a0f\HyperTerminal Private Edition.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\f0610cb47c7c3628ed084fc5fa811090\Still Alice 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\f0610cb47c7c3628ed084fc5fa811090\Still Alice 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\f0610cb47c7c3628ed084fc5fa811090\Total Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ecf687b149c11d2941e51866713a60cc\Setup.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ecf687b149c11d2941e51866713a60cc\Windows Live Messenger.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ecf687b149c11d2941e51866713a60cc\Windows Live Messenger.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ec2ae06168a5dd4a76179295138a0c8a\Prism Video File Converter Plus.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ec2ae06168a5dd4a76179295138a0c8a\Prism Video File Converter Plus.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ec2ae06168a5dd4a76179295138a0c8a\Setup.dat => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\eb76e87b9c2822b8342fd3d8f90cc6bc\The Pyramid 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\eb76e87b9c2822b8342fd3d8f90cc6bc\The Pyramid 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\eb76e87b9c2822b8342fd3d8f90cc6bc\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e7cab7129510b045fa319443d079a1d1\Driver Detective.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e7cab7129510b045fa319443d079a1d1\Driver Detective.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e743528acf4010f84595a60e4968243c\Unbroken 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e743528acf4010f84595a60e4968243c\Unbroken 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e743528acf4010f84595a60e4968243c\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e4d76ce6842aed2585d46aa03bd6a658\Seventh Son 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e4d76ce6842aed2585d46aa03bd6a658\Seventh Son 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e4d76ce6842aed2585d46aa03bd6a658\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e2839b0dec29e117d183cacec3a9441d\Still Alice 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e2839b0dec29e117d183cacec3a9441d\Still Alice 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e2839b0dec29e117d183cacec3a9441d\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\dfa31c17676dc4bc20e591536a587607\Avid Liquid.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\dfa31c17676dc4bc20e591536a587607\Avid Liquid.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\dfa31c17676dc4bc20e591536a587607\Setup.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\de59ab2eb41a5f03e01fd9be13ede717\VeryPDF PDF2Word.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\de59ab2eb41a5f03e01fd9be13ede717\VeryPDF PDF2Word.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\de50ad986429018cc4c02754ecdb3ad1\The Equalizer 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\de50ad986429018cc4c02754ecdb3ad1\The Equalizer 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\de50ad986429018cc4c02754ecdb3ad1\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\de3b762cae0a173b9b5879dd467e87ad\Resolume Avenue.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\de3b762cae0a173b9b5879dd467e87ad\Resolume Avenue.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\de3b762cae0a173b9b5879dd467e87ad\Setup.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\dc723bb08357968da468f51dd0617195\Wyzo.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\dc723bb08357968da468f51dd0617195\Wyzo.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\dba1f9d7ce7ba029c4d0b7bad00d911b\Interstellar 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\dba1f9d7ce7ba029c4d0b7bad00d911b\Interstellar 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\dba1f9d7ce7ba029c4d0b7bad00d911b\Total Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\d6eb74b6734f7999e620a0a65145a5a1\Total Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\d6eb74b6734f7999e620a0a65145a5a1\Tusk 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\d6eb74b6734f7999e620a0a65145a5a1\Tusk 2014.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\d2b952690da0fb72bbd02e7d545c300d\Acronis Disk Director 11 Home.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\d2b952690da0fb72bbd02e7d545c300d\Acronis Disk Director 11 Home.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\d2b952690da0fb72bbd02e7d545c300d\Setup.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cec6c85a7bf9770323e16af12d5f97c7\Microsoft Access 2010.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cec6c85a7bf9770323e16af12d5f97c7\Microsoft Access 2010.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cec6c85a7bf9770323e16af12d5f97c7\Setup.dat => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cddf3211e22940d2d011a4fa81001123\Night at the Museum Secret of the Tomb 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cddf3211e22940d2d011a4fa81001123\Night at the Museum Secret of the Tomb 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cddf3211e22940d2d011a4fa81001123\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cc3345146a227449591c880e60fb3290\Tammy 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cc3345146a227449591c880e60fb3290\Tammy 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cc3345146a227449591c880e60fb3290\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cbf0a3c3e0bc92d3358da1d62bb6dedd\Pitch Perfect 2 2015.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cbf0a3c3e0bc92d3358da1d62bb6dedd\Pitch Perfect 2 2015.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cbf0a3c3e0bc92d3358da1d62bb6dedd\Total Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c85704bb576f18c3ec859bfa111dd3f7\Inside Out 2015.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c85704bb576f18c3ec859bfa111dd3f7\Inside Out 2015.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c85704bb576f18c3ec859bfa111dd3f7\Total Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c8030376d5b0fdf19cd205f5463c07fe\God Help the Girl 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c8030376d5b0fdf19cd205f5463c07fe\God Help the Girl 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c8030376d5b0fdf19cd205f5463c07fe\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c7c28beaebaf0e1400e7dc34c2458f7b\Softperfect Network Sniffer.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c7c28beaebaf0e1400e7dc34c2458f7b\Softperfect Network Sniffer.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c779e2049037a2a01c610050e961edeb\The Riot Club 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c779e2049037a2a01c610050e961edeb\The Riot Club 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c779e2049037a2a01c610050e961edeb\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c61ab6d3623936c79d58e7bcb8814406\Setup.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c61ab6d3623936c79d58e7bcb8814406\Symantec Ghost Solution Suite.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c61ab6d3623936c79d58e7bcb8814406\Symantec Ghost Solution Suite.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c56a4cb0713e08a0547bfa93c168a720\Allok RM RMVB to AVI MPEG DVD Converter.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c56a4cb0713e08a0547bfa93c168a720\Allok RM RMVB to AVI MPEG DVD Converter.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c4bbf82b92248df7108745c3686fe205\The Grand Budapest Hotel 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c4bbf82b92248df7108745c3686fe205\The Grand Budapest Hotel 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c4bbf82b92248df7108745c3686fe205\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c31d174d2153e1a1aa705919332e98e3\Real Cut 2D.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c31d174d2153e1a1aa705919332e98e3\Real Cut 2D.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c2590dacffd37d1a603a14d16e1fb066\Kingsman The Secret Service 2015.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c2590dacffd37d1a603a14d16e1fb066\Kingsman The Secret Service 2015.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c2590dacffd37d1a603a14d16e1fb066\Total Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\bfbb5813ee0711af243a03d97704abdf\Moyea SWF to Video Converter Pro.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\bfbb5813ee0711af243a03d97704abdf\Moyea SWF to Video Converter Pro.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\be889b5fdf89ed1a31994925803122dc\The Boy Next Door 2015.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\be889b5fdf89ed1a31994925803122dc\The Boy Next Door 2015.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\be889b5fdf89ed1a31994925803122dc\Total Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\bb988113c413631573e83195e5f2567b\Minions 2015.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\bb988113c413631573e83195e5f2567b\Minions 2015.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\bb988113c413631573e83195e5f2567b\Total Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\baef391f673e047f2ce39bcf50094121\BIOS Agent Plus.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\baef391f673e047f2ce39bcf50094121\BIOS Agent Plus.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\baef391f673e047f2ce39bcf50094121\Setup.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ba63b318097845601a4aaa38587c3d7c\DAEMON Tools Lite.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ba63b318097845601a4aaa38587c3d7c\DAEMON Tools Lite.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b8117b2604925d9471da096ba9d4ed87\The Best of Me 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b8117b2604925d9471da096ba9d4ed87\The Best of Me 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b8117b2604925d9471da096ba9d4ed87\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b7728f9161071e0bb46ec047076169be\The Guest 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b7728f9161071e0bb46ec047076169be\The Guest 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b7728f9161071e0bb46ec047076169be\Total Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b52f8b226fc7926a0a6cfa8fe2706390\Under the Skin 2013.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b52f8b226fc7926a0a6cfa8fe2706390\Under the Skin 2013.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b52f8b226fc7926a0a6cfa8fe2706390\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b3b30bd50c0bacc5d164db0d57c03cb6\Adobe After Effects.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b3b30bd50c0bacc5d164db0d57c03cb6\Adobe After Effects.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b3b30bd50c0bacc5d164db0d57c03cb6\Setup.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b30e99c52159da57b8bcd5b2297dd3e7\Advanced ID Creator Premier.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b30e99c52159da57b8bcd5b2297dd3e7\Advanced ID Creator Premier.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b1a0ac53a40868da95442673c0e7d028\iPhone Backup Extractor.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b1a0ac53a40868da95442673c0e7d028\iPhone Backup Extractor.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b194966ad87960ede3e9f76d505e1e69\A Walk Among the Tombstones 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b194966ad87960ede3e9f76d505e1e69\A Walk Among the Tombstones 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b194966ad87960ede3e9f76d505e1e69\Total Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b07006a1eeadc2069604372e36047a9b\Nero Burning Rom.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b07006a1eeadc2069604372e36047a9b\Nero Burning Rom.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\af2ddfc65c23446c22fdbe4bda2ca3ad\Hotspot Shield.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\af2ddfc65c23446c22fdbe4bda2ca3ad\Hotspot Shield.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ada6dee5c6f65c10b4638cb3edb56dc3\John Wick 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ada6dee5c6f65c10b4638cb3edb56dc3\John Wick 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ada6dee5c6f65c10b4638cb3edb56dc3\Total Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ac50ed5a619df3eb7cac66cf8e3ef3c0\About Time 2013.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ac50ed5a619df3eb7cac66cf8e3ef3c0\About Time 2013.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ac50ed5a619df3eb7cac66cf8e3ef3c0\Total Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ab0bb2fe40090c72f357b98d9fbe9030\ESET NOD32 Antivirus.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ab0bb2fe40090c72f357b98d9fbe9030\ESET NOD32 Antivirus.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\aa5c0a020986eb9122a81994867fdf79\Top Five 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\aa5c0a020986eb9122a81994867fdf79\Top Five 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\aa5c0a020986eb9122a81994867fdf79\Total Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\a2d22496bdb330259d93a002f31996d6\Love Rosie 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\a2d22496bdb330259d93a002f31996d6\Love Rosie 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\a2d22496bdb330259d93a002f31996d6\Total Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\a108bfcdf2eb94e18941d5ce3e6741c3\Photo Builder Platinum.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\a108bfcdf2eb94e18941d5ce3e6741c3\Photo Builder Platinum.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9f376fd52a4b6922c363fbb95bb44c28\The Maze Runner 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9f376fd52a4b6922c363fbb95bb44c28\The Maze Runner 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9f376fd52a4b6922c363fbb95bb44c28\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9f3677ef3d3d23ec6894fff1e96c49f7\Multilizer PDF Translator.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9f3677ef3d3d23ec6894fff1e96c49f7\Multilizer PDF Translator.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\99209be368313df6547eccb4dfdf98bc\The Skeleton Twins 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\99209be368313df6547eccb4dfdf98bc\The Skeleton Twins 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\99209be368313df6547eccb4dfdf98bc\Total Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\991c55e8fee876f16475d9ecd37fa87b\Horrible Bosses 2 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\991c55e8fee876f16475d9ecd37fa87b\Horrible Bosses 2 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\991c55e8fee876f16475d9ecd37fa87b\Total Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\985dad9693e28798a31bfa21c4fd7506\Iron Speed Designer.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\985dad9693e28798a31bfa21c4fd7506\Iron Speed Designer.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\96c0e37fc1a5dd9c18a8797d884456b6\HDD Unlock.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\96c0e37fc1a5dd9c18a8797d884456b6\HDD Unlock.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\96ab45b578bc860e933cae310d2363ce\Expressivo.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\96ab45b578bc860e933cae310d2363ce\Expressivo.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9625e26f4dd058c348d493c6bf730e50\Hercules 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9625e26f4dd058c348d493c6bf730e50\Hercules 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9625e26f4dd058c348d493c6bf730e50\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9539bc5ab864fa12e62d936835b9130a\URL Helper.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9539bc5ab864fa12e62d936835b9130a\URL Helper.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9530428d457a6fc523d21310b2f674d8\Xilisoft DivX to DVD Converter.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9530428d457a6fc523d21310b2f674d8\Xilisoft DivX to DVD Converter.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\95010cf3a500455856e8a7b6f5b0002e\Drumagog.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\95010cf3a500455856e8a7b6f5b0002e\Drumagog.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9345a8cca3fbf2956dbd34fb1ca11015\Adobe Presenter.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9345a8cca3fbf2956dbd34fb1ca11015\Adobe Presenter.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9345a8cca3fbf2956dbd34fb1ca11015\Setup.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\932c9599ee7afdc3ab5b91d80b9543c2\Direct MIDI to MP3 Converter.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\932c9599ee7afdc3ab5b91d80b9543c2\Direct MIDI to MP3 Converter.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\8dee0e8f6b5b68be5a62cba49c7d6789\Affluenza 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\8dee0e8f6b5b68be5a62cba49c7d6789\Affluenza 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\8dee0e8f6b5b68be5a62cba49c7d6789\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\8d5445dd0a4948296ee32baac96442e8\RamDisk Plus.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\8d5445dd0a4948296ee32baac96442e8\RamDisk Plus.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\8d177e4e5678716aef26789cad30a865\Net Nanny.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\8d177e4e5678716aef26789cad30a865\Net Nanny.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\89dbb45bfc3a453086cabdfdf9d88101\VPN-X Server.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\89dbb45bfc3a453086cabdfdf9d88101\VPN-X Server.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\8121bb898c1381151afeef5775156929\KMPlayer.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\8121bb898c1381151afeef5775156929\KMPlayer.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7f691c124411bcf42c47521a5cb099d3\Kaspersky Anti-Virus.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7f691c124411bcf42c47521a5cb099d3\Kaspersky Anti-Virus.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7f691c124411bcf42c47521a5cb099d3\Setup.dat => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7dd358b710ccfad5f836ff44daa8fef8\23 Blast 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7dd358b710ccfad5f836ff44daa8fef8\23 Blast 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7dd358b710ccfad5f836ff44daa8fef8\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7dca7b919c2684524c9f6ad02218e49a\Taken 3 2015.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7dca7b919c2684524c9f6ad02218e49a\Taken 3 2015.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7dca7b919c2684524c9f6ad02218e49a\Total Codec Pack.exe => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7c4ec3a17b5992677e4bff0505a9e808\Blue Ruin 2013.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7c4ec3a17b5992677e4bff0505a9e808\Blue Ruin 2013.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7c4ec3a17b5992677e4bff0505a9e808\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7c2b8027b6b4bc7604321d6a3b15a3d3\The Amazing Spider-Man 2 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7c2b8027b6b4bc7604321d6a3b15a3d3\The Amazing Spider-Man 2 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7c2b8027b6b4bc7604321d6a3b15a3d3\Total Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7aeaf46c38b871dbaf6fd53de148f4bf\VIPRE Internet Security.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7aeaf46c38b871dbaf6fd53de148f4bf\VIPRE Internet Security.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\79e451149e8c51ec8f135b9e210f9074\Recovery Toolbox for RAR (formerly RAR Recovery Toolbox).exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\79e451149e8c51ec8f135b9e210f9074\Recovery Toolbox for RAR (formerly RAR Recovery Toolbox).nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7992acf6cf85dd33b91f64ce1cd03e2f\American Sniper 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7992acf6cf85dd33b91f64ce1cd03e2f\American Sniper 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7992acf6cf85dd33b91f64ce1cd03e2f\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\77ad522f2c61aac82abe7f7e636acc0f\Expat Shield.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\77ad522f2c61aac82abe7f7e636acc0f\Expat Shield.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\775c5cb3ed1fd8286494c4760004c699\NokiaFREE Unlock Codes Calculator.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\775c5cb3ed1fd8286494c4760004c699\NokiaFREE Unlock Codes Calculator.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\775c5cb3ed1fd8286494c4760004c699\Setup.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\775ac99fee31593774d9bcbc8cc87587\iZotope Ozone.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\775ac99fee31593774d9bcbc8cc87587\iZotope Ozone.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\72d328ce205f8949cc769727df068d49\NetSupport School.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\72d328ce205f8949cc769727df068d49\NetSupport School.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\6c636bc3c2fdc01743fed5eee294bd02\The Legend of Hercules 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\6c636bc3c2fdc01743fed5eee294bd02\The Legend of Hercules 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\6c636bc3c2fdc01743fed5eee294bd02\Total Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\6bbe17c99bf1331c3fa03411109d8f2f\Super Internet TV.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\6bbe17c99bf1331c3fa03411109d8f2f\Super Internet TV.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\653adebd49bb6a1f2457e81a1297390d\Portrait Professional.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\653adebd49bb6a1f2457e81a1297390d\Portrait Professional.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\6494dda7a6b62fbc73902ffb0bcf923e\KONTAKT 4.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\6494dda7a6b62fbc73902ffb0bcf923e\KONTAKT 4.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\6494dda7a6b62fbc73902ffb0bcf923e\Setup.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\641c1e78499c545a386dc98a963a3474\pdfFactory Pro.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\641c1e78499c545a386dc98a963a3474\pdfFactory Pro.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\640fb8144bc44bc873c1afe250d16f8a\Skype.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\640fb8144bc44bc873c1afe250d16f8a\Skype.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\611c352d1031c8744b2a846b571d5985\American Hustle 2013.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\611c352d1031c8744b2a846b571d5985\American Hustle 2013.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\611c352d1031c8744b2a846b571d5985\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\60e4d0a71bde7a6ffa127a6a5c9303d6\Atlas Shrugged Who Is John Galt 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\60e4d0a71bde7a6ffa127a6a5c9303d6\Atlas Shrugged Who Is John Galt 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\60e4d0a71bde7a6ffa127a6a5c9303d6\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\5a832b8ea1afe7afaf23d4962a5155e6\DJ Java Decompiler.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\5a832b8ea1afe7afaf23d4962a5155e6\DJ Java Decompiler.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\59c8069af9601fbe724f834646cf185c\Setup.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\59c8069af9601fbe724f834646cf185c\Xpadder.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\59c8069af9601fbe724f834646cf185c\Xpadder.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\58ecec502ab6baba40af8e088e2eff19\RealPlayer.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\58ecec502ab6baba40af8e088e2eff19\RealPlayer.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\58ecec502ab6baba40af8e088e2eff19\Setup.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\55c72c3ddbcf5f48a0ef378fb4dbf456\Hamachi.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\55c72c3ddbcf5f48a0ef378fb4dbf456\Hamachi.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\552fdb02c1eb1f4ea3f24e54becb2ea5\Extreme Picture Finder.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\552fdb02c1eb1f4ea3f24e54becb2ea5\Extreme Picture Finder.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\4eb8a9acec25045bbc2228a70f1b5928\PC Video Converter.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\4eb8a9acec25045bbc2228a70f1b5928\PC Video Converter.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\4c5ef60dcabf88745285336bc1c2bde9\ClickRepair.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\4c5ef60dcabf88745285336bc1c2bde9\ClickRepair.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\4bc30d4713e7434afc650c9c6238de1d\Extraterrestrial 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\4bc30d4713e7434afc650c9c6238de1d\Extraterrestrial 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\4bc30d4713e7434afc650c9c6238de1d\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\4a6c0af72d2a9b08cbb16a1cd2c022f9\John Wick 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\4a6c0af72d2a9b08cbb16a1cd2c022f9\John Wick 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\4a6c0af72d2a9b08cbb16a1cd2c022f9\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\49a7f87925e6e6b9eaf24517160f17e1\ESET Smart Security.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\49a7f87925e6e6b9eaf24517160f17e1\ESET Smart Security.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\472ad06d8902fa9a78fcf2e099b2a5c4\Hotspot Shield Elite.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\472ad06d8902fa9a78fcf2e099b2a5c4\Hotspot Shield Elite.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\433198b59edb8d79f3e30db3a2ee51a9\iClone.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\433198b59edb8d79f3e30db3a2ee51a9\iClone.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\433198b59edb8d79f3e30db3a2ee51a9\Setup.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3efde02b55710ed826854c1095d358f7\Hulu Downloader.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3efde02b55710ed826854c1095d358f7\Hulu Downloader.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3e425c22d9817056e9a7d6a6ec0c31e9\SAM Broadcaster PRO.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3e425c22d9817056e9a7d6a6ec0c31e9\SAM Broadcaster PRO.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3e3c1298f2d6dd3e9aa2314f17f34625\Hungry Hearts 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3e3c1298f2d6dd3e9aa2314f17f34625\Hungry Hearts 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3e3c1298f2d6dd3e9aa2314f17f34625\Total Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3e25671b8f4e64c33583cd542dadb042\The Rover 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3e25671b8f4e64c33583cd542dadb042\The Rover 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3e25671b8f4e64c33583cd542dadb042\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3cc1fda5c7a4f1b66f3a0e5477102052\Best MP4 To MP3 Converter.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3cc1fda5c7a4f1b66f3a0e5477102052\Best MP4 To MP3 Converter.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3c12717f2ec842c3c67defa37ddbe78f\As Above So Below 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3c12717f2ec842c3c67defa37ddbe78f\As Above So Below 2014.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3c12717f2ec842c3c67defa37ddbe78f\Total Codec Pack.exe => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3b8f0d88955ef6e0e4a182f34a446fee\Ex Machina 2015.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3b8f0d88955ef6e0e4a182f34a446fee\Ex Machina 2015.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3b8f0d88955ef6e0e4a182f34a446fee\Total Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3ac0bf970decdd18beb479b389a3e7f0\Love Rosie 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3ac0bf970decdd18beb479b389a3e7f0\Love Rosie 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3ac0bf970decdd18beb479b389a3e7f0\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\38cf5f219c7f1d78ed214d039a685aff\PDF Password Cracker Pro.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\38cf5f219c7f1d78ed214d039a685aff\PDF Password Cracker Pro.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\34868bebcab633a75504c9c1295803d7\Maleficent 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\34868bebcab633a75504c9c1295803d7\Maleficent 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\34868bebcab633a75504c9c1295803d7\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\341513be444fd9af08355b1d1befab2c\A Most Violent Year 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\341513be444fd9af08355b1d1befab2c\A Most Violent Year 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\341513be444fd9af08355b1d1befab2c\Total Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\33ce042b390eb7f4d335b93012d05c74\Microsoft SQL Server.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\33ce042b390eb7f4d335b93012d05c74\Microsoft SQL Server.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\33ce042b390eb7f4d335b93012d05c74\Setup.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\32c7c4617c2f124442f4d9e634ce0b39\SmartDraw.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\32c7c4617c2f124442f4d9e634ce0b39\SmartDraw.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\32b3508d3674f0c649ee19d838c4e346\Fidelizer.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\32b3508d3674f0c649ee19d838c4e346\Fidelizer.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\32b3508d3674f0c649ee19d838c4e346\Setup.dat => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\301846de2cc08180c4cd8c681e9c3ee8\The Hungover Games 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\301846de2cc08180c4cd8c681e9c3ee8\The Hungover Games 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\301846de2cc08180c4cd8c681e9c3ee8\Total Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2fb80e24e691319ecedc03ae408abbdf\Adobe Photoshop Lightroom.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2fb80e24e691319ecedc03ae408abbdf\Adobe Photoshop Lightroom.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2fb80e24e691319ecedc03ae408abbdf\Setup.dat => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2f3d60a46c542d5cb3d1e28e4d807ef5\Rosewater 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2f3d60a46c542d5cb3d1e28e4d807ef5\Rosewater 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2f3d60a46c542d5cb3d1e28e4d807ef5\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2f09a8dbafc09eba78f659c0799f1728\InSync.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2f09a8dbafc09eba78f659c0799f1728\InSync.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2d417a212dc93c3af4614927c9a7be78\Last Vegas 2013.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2d417a212dc93c3af4614927c9a7be78\Last Vegas 2013.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2d417a212dc93c3af4614927c9a7be78\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2a8906b18347c8efbb89e6f9641af422\Joe 2013.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2a8906b18347c8efbb89e6f9641af422\Joe 2013.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2a8906b18347c8efbb89e6f9641af422\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2a6a62a72c00cc62ddc8eaf20e5c3bf4\Lucid Electronics Workbench.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2a6a62a72c00cc62ddc8eaf20e5c3bf4\Lucid Electronics Workbench.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2a3d99267335445d82d314863bdf79a0\Stellar Phoenix Windows Data Recovery.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2a3d99267335445d82d314863bdf79a0\Stellar Phoenix Windows Data Recovery.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2707ee8faabbe7cc75a71f8197971855\Taken 3 2015.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2707ee8faabbe7cc75a71f8197971855\Taken 3 2015.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2707ee8faabbe7cc75a71f8197971855\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\24a853f3cef9ec1b2333857ad5c7ac06\Dracula Untold 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\24a853f3cef9ec1b2333857ad5c7ac06\Dracula Untold 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\24a853f3cef9ec1b2333857ad5c7ac06\Total Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\24866ae4194b58ff96a00493c1110b17\CAD-KAS PDF Editor (formerly PDF Editor).exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\24866ae4194b58ff96a00493c1110b17\CAD-KAS PDF Editor (formerly PDF Editor).nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\246dfec8039fd1b220e74c174d404b78\Total Codec Pack.exe" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\246dfec8039fd1b220e74c174d404b78\Wild 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\246dfec8039fd1b220e74c174d404b78\Wild 2014.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\23ded83a4850d875f3d59bd53a610e6c\SkyGrabber.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\23ded83a4850d875f3d59bd53a610e6c\SkyGrabber.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\22730fe29057723bb655bf4cccb9f94f\The Disappearance of Eleanor Rigby Them 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\22730fe29057723bb655bf4cccb9f94f\The Disappearance of Eleanor Rigby Them 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\22730fe29057723bb655bf4cccb9f94f\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\221acc24042ca1210daa1a9add486906\Pianoteq.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\221acc24042ca1210daa1a9add486906\Pianoteq.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\21124b0323df66f9412caccf76188e0b\The Zero Theorem 2013.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\21124b0323df66f9412caccf76188e0b\The Zero Theorem 2013.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\21124b0323df66f9412caccf76188e0b\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\1dec2ffae7135e6556cb67584d6422b1\ExeScript.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\1dec2ffae7135e6556cb67584d6422b1\ExeScript.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\1c2d0fb0f666aed965a87a91d9dee2d3\Circuit Wizard Professional Edition.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\1c2d0fb0f666aed965a87a91d9dee2d3\Circuit Wizard Professional Edition.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\19e4e91ff8483b476939d09d6d3268d7\Fractalius.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\19e4e91ff8483b476939d09d6d3268d7\Fractalius.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\19e4e91ff8483b476939d09d6d3268d7\Setup.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\18665cad2b98c12e2ea41363974d72e2\DriverAgent.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\18665cad2b98c12e2ea41363974d72e2\DriverAgent.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\18665cad2b98c12e2ea41363974d72e2\Setup.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\18474902db40b9986a3eb37c55dd8702\Recover My Files.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\18474902db40b9986a3eb37c55dd8702\Recover My Files.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\1719c43ff3153dbadedc9de950c1d9ab\AV Voice Changer Software.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\1719c43ff3153dbadedc9de950c1d9ab\AV Voice Changer Software.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\1603a0df2ba75297207a13cafc3d2bea\BlackBerry Backup Extractor.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\1603a0df2ba75297207a13cafc3d2bea\BlackBerry Backup Extractor.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\1010632dd9fb060345c0c873f6062d4f\Full Convert Enterprise.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\1010632dd9fb060345c0c873f6062d4f\Full Convert Enterprise.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\0eb493ad5b13f3bc349cc53f9d760bea\Mr. Turner 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\0eb493ad5b13f3bc349cc53f9d760bea\Mr. Turner 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\0eb493ad5b13f3bc349cc53f9d760bea\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\0e686b957433aa225f7bf30acdbb1f10\TweakNow WinSecret.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\0e686b957433aa225f7bf30acdbb1f10\TweakNow WinSecret.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\0c81a3aadde5b079a08a8a9605d91a26\Noah 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\0c81a3aadde5b079a08a8a9605d91a26\Noah 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\0c81a3aadde5b079a08a8a9605d91a26\Total Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\0bae1e5b4c0e67df8189d527f93c9f2b\YouWave for Android.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\0bae1e5b4c0e67df8189d527f93c9f2b\YouWave for Android.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\09f29ba82e791fe5e56d91db4b185d01\I Origins 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\09f29ba82e791fe5e56d91db4b185d01\I Origins 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\09f29ba82e791fe5e56d91db4b185d01\WMP x264 Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\08033b74ebdb370b2a369c07cb1babb6\DietMP3.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\08033b74ebdb370b2a369c07cb1babb6\DietMP3.nfo => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\02272dd3cc93fe31bfae6046b419f51c\Atomic Email Hunter.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\02272dd3cc93fe31bfae6046b419f51c\Atomic Email Hunter.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\00671bded5237e1cbd4bdd1b03efd5f2\The Judge 2014.avi" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\00671bded5237e1cbd4bdd1b03efd5f2\The Judge 2014.nfo => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\00671bded5237e1cbd4bdd1b03efd5f2\Total Codec Pack.exe" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\00671bded5237e1cbd4bdd1b03efd5f2 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\02272dd3cc93fe31bfae6046b419f51c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\08033b74ebdb370b2a369c07cb1babb6 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\09f29ba82e791fe5e56d91db4b185d01 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\0bae1e5b4c0e67df8189d527f93c9f2b => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\0c81a3aadde5b079a08a8a9605d91a26" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\0e686b957433aa225f7bf30acdbb1f10 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\0eb493ad5b13f3bc349cc53f9d760bea => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\1010632dd9fb060345c0c873f6062d4f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\1603a0df2ba75297207a13cafc3d2bea => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\1719c43ff3153dbadedc9de950c1d9ab" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\18474902db40b9986a3eb37c55dd8702 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\18665cad2b98c12e2ea41363974d72e2 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\19e4e91ff8483b476939d09d6d3268d7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\1c2d0fb0f666aed965a87a91d9dee2d3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\1dec2ffae7135e6556cb67584d6422b1 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\21124b0323df66f9412caccf76188e0b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\221acc24042ca1210daa1a9add486906 => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\22730fe29057723bb655bf4cccb9f94f" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\23ded83a4850d875f3d59bd53a610e6c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\246dfec8039fd1b220e74c174d404b78 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\24866ae4194b58ff96a00493c1110b17 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\24a853f3cef9ec1b2333857ad5c7ac06 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\2707ee8faabbe7cc75a71f8197971855 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\2a3d99267335445d82d314863bdf79a0 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\2a6a62a72c00cc62ddc8eaf20e5c3bf4 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\2a8906b18347c8efbb89e6f9641af422 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\2d417a212dc93c3af4614927c9a7be78 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\2f09a8dbafc09eba78f659c0799f1728 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\2f3d60a46c542d5cb3d1e28e4d807ef5 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\2fb80e24e691319ecedc03ae408abbdf => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\301846de2cc08180c4cd8c681e9c3ee8 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\32b3508d3674f0c649ee19d838c4e346 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\32c7c4617c2f124442f4d9e634ce0b39 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\33ce042b390eb7f4d335b93012d05c74 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\341513be444fd9af08355b1d1befab2c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\34868bebcab633a75504c9c1295803d7 => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\38cf5f219c7f1d78ed214d039a685aff" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\3ac0bf970decdd18beb479b389a3e7f0 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\3b8f0d88955ef6e0e4a182f34a446fee => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\3c12717f2ec842c3c67defa37ddbe78f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\3cc1fda5c7a4f1b66f3a0e5477102052 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\3e25671b8f4e64c33583cd542dadb042 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\3e3c1298f2d6dd3e9aa2314f17f34625 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\3e425c22d9817056e9a7d6a6ec0c31e9 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\3efde02b55710ed826854c1095d358f7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\433198b59edb8d79f3e30db3a2ee51a9 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\472ad06d8902fa9a78fcf2e099b2a5c4 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\49a7f87925e6e6b9eaf24517160f17e1 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\4a6c0af72d2a9b08cbb16a1cd2c022f9 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\4bc30d4713e7434afc650c9c6238de1d => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\4c5ef60dcabf88745285336bc1c2bde9" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\4eb8a9acec25045bbc2228a70f1b5928 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\552fdb02c1eb1f4ea3f24e54becb2ea5 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\55c72c3ddbcf5f48a0ef378fb4dbf456 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\58ecec502ab6baba40af8e088e2eff19 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\59c8069af9601fbe724f834646cf185c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\5a832b8ea1afe7afaf23d4962a5155e6 => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\60e4d0a71bde7a6ffa127a6a5c9303d6" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\611c352d1031c8744b2a846b571d5985 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\640fb8144bc44bc873c1afe250d16f8a => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\641c1e78499c545a386dc98a963a3474 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\6494dda7a6b62fbc73902ffb0bcf923e => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\653adebd49bb6a1f2457e81a1297390d => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\6bbe17c99bf1331c3fa03411109d8f2f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\6c636bc3c2fdc01743fed5eee294bd02 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\72d328ce205f8949cc769727df068d49 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\775ac99fee31593774d9bcbc8cc87587 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\775c5cb3ed1fd8286494c4760004c699 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\77ad522f2c61aac82abe7f7e636acc0f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\7992acf6cf85dd33b91f64ce1cd03e2f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\79e451149e8c51ec8f135b9e210f9074 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\7aeaf46c38b871dbaf6fd53de148f4bf => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\7c2b8027b6b4bc7604321d6a3b15a3d3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\7c4ec3a17b5992677e4bff0505a9e808 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\7dca7b919c2684524c9f6ad02218e49a => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\7dd358b710ccfad5f836ff44daa8fef8 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\7f691c124411bcf42c47521a5cb099d3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\8121bb898c1381151afeef5775156929 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\89dbb45bfc3a453086cabdfdf9d88101 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\8d177e4e5678716aef26789cad30a865 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\8d5445dd0a4948296ee32baac96442e8 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\8dee0e8f6b5b68be5a62cba49c7d6789 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\932c9599ee7afdc3ab5b91d80b9543c2 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\9345a8cca3fbf2956dbd34fb1ca11015 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\95010cf3a500455856e8a7b6f5b0002e => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\9530428d457a6fc523d21310b2f674d8 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\9539bc5ab864fa12e62d936835b9130a => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\9625e26f4dd058c348d493c6bf730e50 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\96ab45b578bc860e933cae310d2363ce => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\96c0e37fc1a5dd9c18a8797d884456b6 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\985dad9693e28798a31bfa21c4fd7506 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\991c55e8fee876f16475d9ecd37fa87b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\99209be368313df6547eccb4dfdf98bc => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\9f3677ef3d3d23ec6894fff1e96c49f7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\9f376fd52a4b6922c363fbb95bb44c28 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\a108bfcdf2eb94e18941d5ce3e6741c3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\a2d22496bdb330259d93a002f31996d6 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\aa5c0a020986eb9122a81994867fdf79 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\ab0bb2fe40090c72f357b98d9fbe9030 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\ac50ed5a619df3eb7cac66cf8e3ef3c0 => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\ada6dee5c6f65c10b4638cb3edb56dc3" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\af2ddfc65c23446c22fdbe4bda2ca3ad => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\b07006a1eeadc2069604372e36047a9b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\b194966ad87960ede3e9f76d505e1e69 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\b1a0ac53a40868da95442673c0e7d028 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\b30e99c52159da57b8bcd5b2297dd3e7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\b3b30bd50c0bacc5d164db0d57c03cb6 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\b52f8b226fc7926a0a6cfa8fe2706390 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\b7728f9161071e0bb46ec047076169be => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\b8117b2604925d9471da096ba9d4ed87" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\ba63b318097845601a4aaa38587c3d7c => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\baef391f673e047f2ce39bcf50094121" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\bb988113c413631573e83195e5f2567b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\be889b5fdf89ed1a31994925803122dc => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\bfbb5813ee0711af243a03d97704abdf => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\c2590dacffd37d1a603a14d16e1fb066 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\c31d174d2153e1a1aa705919332e98e3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\c4bbf82b92248df7108745c3686fe205 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\c56a4cb0713e08a0547bfa93c168a720 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\c61ab6d3623936c79d58e7bcb8814406 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\c779e2049037a2a01c610050e961edeb => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\c7c28beaebaf0e1400e7dc34c2458f7b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\c8030376d5b0fdf19cd205f5463c07fe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\c85704bb576f18c3ec859bfa111dd3f7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\cbf0a3c3e0bc92d3358da1d62bb6dedd => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\cc3345146a227449591c880e60fb3290 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\cddf3211e22940d2d011a4fa81001123 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\cec6c85a7bf9770323e16af12d5f97c7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\d2b952690da0fb72bbd02e7d545c300d => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\d6eb74b6734f7999e620a0a65145a5a1 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\dba1f9d7ce7ba029c4d0b7bad00d911b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\dc723bb08357968da468f51dd0617195 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\de3b762cae0a173b9b5879dd467e87ad => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\de50ad986429018cc4c02754ecdb3ad1 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\de59ab2eb41a5f03e01fd9be13ede717 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\dfa31c17676dc4bc20e591536a587607 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\e2839b0dec29e117d183cacec3a9441d => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\e4d76ce6842aed2585d46aa03bd6a658 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\e743528acf4010f84595a60e4968243c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\e7cab7129510b045fa319443d079a1d1 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\eb76e87b9c2822b8342fd3d8f90cc6bc => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\ec2ae06168a5dd4a76179295138a0c8a => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\ecf687b149c11d2941e51866713a60cc => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\f0610cb47c7c3628ed084fc5fa811090 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\f21c6b4a4bfd1ea6df2a86b30a382a0f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\f638dd3eacdb1c7fbc1fd950c36dbfb7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\f864323b342861f1b5820d62a2e9a41c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\f9c565585bd21f38ecc4698ca16d164e => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\fa0312874982058f2a37031f943de8af" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\fb0d1e515805b2c6c72d7f084bd72d82 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\fd0906d1b9a29f743942a8f2ba1cf356 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\00671bded5237e1cbd4bdd1b03efd5f2 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\02272dd3cc93fe31bfae6046b419f51c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\08033b74ebdb370b2a369c07cb1babb6 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\09f29ba82e791fe5e56d91db4b185d01 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\0bae1e5b4c0e67df8189d527f93c9f2b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\0c81a3aadde5b079a08a8a9605d91a26 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\0e686b957433aa225f7bf30acdbb1f10 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\0eb493ad5b13f3bc349cc53f9d760bea => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\1010632dd9fb060345c0c873f6062d4f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\1603a0df2ba75297207a13cafc3d2bea => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\1719c43ff3153dbadedc9de950c1d9ab => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\18474902db40b9986a3eb37c55dd8702 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\18665cad2b98c12e2ea41363974d72e2 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\19e4e91ff8483b476939d09d6d3268d7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\1c2d0fb0f666aed965a87a91d9dee2d3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\1dec2ffae7135e6556cb67584d6422b1 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\21124b0323df66f9412caccf76188e0b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\221acc24042ca1210daa1a9add486906 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\22730fe29057723bb655bf4cccb9f94f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\23ded83a4850d875f3d59bd53a610e6c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\246dfec8039fd1b220e74c174d404b78 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\24866ae4194b58ff96a00493c1110b17 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\24a853f3cef9ec1b2333857ad5c7ac06 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\2707ee8faabbe7cc75a71f8197971855 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\2a3d99267335445d82d314863bdf79a0 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\2a6a62a72c00cc62ddc8eaf20e5c3bf4 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\2a8906b18347c8efbb89e6f9641af422 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\2d417a212dc93c3af4614927c9a7be78 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\2f09a8dbafc09eba78f659c0799f1728 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\2f3d60a46c542d5cb3d1e28e4d807ef5 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\2fb80e24e691319ecedc03ae408abbdf => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\301846de2cc08180c4cd8c681e9c3ee8 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\32b3508d3674f0c649ee19d838c4e346 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\32c7c4617c2f124442f4d9e634ce0b39 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\33ce042b390eb7f4d335b93012d05c74 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\341513be444fd9af08355b1d1befab2c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\34868bebcab633a75504c9c1295803d7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\38cf5f219c7f1d78ed214d039a685aff => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\3ac0bf970decdd18beb479b389a3e7f0 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\3b8f0d88955ef6e0e4a182f34a446fee => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\3c12717f2ec842c3c67defa37ddbe78f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\3cc1fda5c7a4f1b66f3a0e5477102052 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\3e25671b8f4e64c33583cd542dadb042 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\3e3c1298f2d6dd3e9aa2314f17f34625 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\3e425c22d9817056e9a7d6a6ec0c31e9 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\3efde02b55710ed826854c1095d358f7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\433198b59edb8d79f3e30db3a2ee51a9 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\472ad06d8902fa9a78fcf2e099b2a5c4 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\49a7f87925e6e6b9eaf24517160f17e1 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\4a6c0af72d2a9b08cbb16a1cd2c022f9 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\4bc30d4713e7434afc650c9c6238de1d => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\4c5ef60dcabf88745285336bc1c2bde9 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\4eb8a9acec25045bbc2228a70f1b5928 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\552fdb02c1eb1f4ea3f24e54becb2ea5 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\55c72c3ddbcf5f48a0ef378fb4dbf456 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\58ecec502ab6baba40af8e088e2eff19 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\59c8069af9601fbe724f834646cf185c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\5a832b8ea1afe7afaf23d4962a5155e6 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\60e4d0a71bde7a6ffa127a6a5c9303d6 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\611c352d1031c8744b2a846b571d5985 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\640fb8144bc44bc873c1afe250d16f8a => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\641c1e78499c545a386dc98a963a3474 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\6494dda7a6b62fbc73902ffb0bcf923e => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\653adebd49bb6a1f2457e81a1297390d => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\6bbe17c99bf1331c3fa03411109d8f2f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\6c636bc3c2fdc01743fed5eee294bd02 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\72d328ce205f8949cc769727df068d49 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\775ac99fee31593774d9bcbc8cc87587 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\775c5cb3ed1fd8286494c4760004c699 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\77ad522f2c61aac82abe7f7e636acc0f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\7992acf6cf85dd33b91f64ce1cd03e2f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\79e451149e8c51ec8f135b9e210f9074 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\7aeaf46c38b871dbaf6fd53de148f4bf => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\7c2b8027b6b4bc7604321d6a3b15a3d3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\7c4ec3a17b5992677e4bff0505a9e808 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\7dca7b919c2684524c9f6ad02218e49a => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\7dd358b710ccfad5f836ff44daa8fef8 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\7f691c124411bcf42c47521a5cb099d3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\8121bb898c1381151afeef5775156929 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\89dbb45bfc3a453086cabdfdf9d88101 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\8d177e4e5678716aef26789cad30a865 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\8d5445dd0a4948296ee32baac96442e8 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\8dee0e8f6b5b68be5a62cba49c7d6789 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\932c9599ee7afdc3ab5b91d80b9543c2 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\9345a8cca3fbf2956dbd34fb1ca11015 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\95010cf3a500455856e8a7b6f5b0002e => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\9530428d457a6fc523d21310b2f674d8 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\9539bc5ab864fa12e62d936835b9130a => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\9625e26f4dd058c348d493c6bf730e50 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\96ab45b578bc860e933cae310d2363ce => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\96c0e37fc1a5dd9c18a8797d884456b6 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\985dad9693e28798a31bfa21c4fd7506 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\991c55e8fee876f16475d9ecd37fa87b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\99209be368313df6547eccb4dfdf98bc => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\9f3677ef3d3d23ec6894fff1e96c49f7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\9f376fd52a4b6922c363fbb95bb44c28 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\a108bfcdf2eb94e18941d5ce3e6741c3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\a2d22496bdb330259d93a002f31996d6 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\aa5c0a020986eb9122a81994867fdf79 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\ab0bb2fe40090c72f357b98d9fbe9030 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\ac50ed5a619df3eb7cac66cf8e3ef3c0 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\ada6dee5c6f65c10b4638cb3edb56dc3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\af2ddfc65c23446c22fdbe4bda2ca3ad => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\b07006a1eeadc2069604372e36047a9b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\b194966ad87960ede3e9f76d505e1e69 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\b1a0ac53a40868da95442673c0e7d028 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\b30e99c52159da57b8bcd5b2297dd3e7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\b3b30bd50c0bacc5d164db0d57c03cb6 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\b52f8b226fc7926a0a6cfa8fe2706390 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\b7728f9161071e0bb46ec047076169be => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\b8117b2604925d9471da096ba9d4ed87 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\ba63b318097845601a4aaa38587c3d7c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\baef391f673e047f2ce39bcf50094121 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\bb988113c413631573e83195e5f2567b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\be889b5fdf89ed1a31994925803122dc => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\bfbb5813ee0711af243a03d97704abdf => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\c2590dacffd37d1a603a14d16e1fb066 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\c31d174d2153e1a1aa705919332e98e3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\c4bbf82b92248df7108745c3686fe205 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\c56a4cb0713e08a0547bfa93c168a720 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\c61ab6d3623936c79d58e7bcb8814406 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\c779e2049037a2a01c610050e961edeb => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\c7c28beaebaf0e1400e7dc34c2458f7b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\c8030376d5b0fdf19cd205f5463c07fe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\c85704bb576f18c3ec859bfa111dd3f7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\cbf0a3c3e0bc92d3358da1d62bb6dedd => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\cc3345146a227449591c880e60fb3290 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\cddf3211e22940d2d011a4fa81001123 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\cec6c85a7bf9770323e16af12d5f97c7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\d2b952690da0fb72bbd02e7d545c300d => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\d6eb74b6734f7999e620a0a65145a5a1 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\dba1f9d7ce7ba029c4d0b7bad00d911b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\dc723bb08357968da468f51dd0617195 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\de3b762cae0a173b9b5879dd467e87ad => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\de50ad986429018cc4c02754ecdb3ad1 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\de59ab2eb41a5f03e01fd9be13ede717 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\dfa31c17676dc4bc20e591536a587607 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\e2839b0dec29e117d183cacec3a9441d => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\e4d76ce6842aed2585d46aa03bd6a658 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\e743528acf4010f84595a60e4968243c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\e7cab7129510b045fa319443d079a1d1 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\eb76e87b9c2822b8342fd3d8f90cc6bc => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\ec2ae06168a5dd4a76179295138a0c8a => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\ecf687b149c11d2941e51866713a60cc => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\f0610cb47c7c3628ed084fc5fa811090 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\f21c6b4a4bfd1ea6df2a86b30a382a0f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\f638dd3eacdb1c7fbc1fd950c36dbfb7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\f864323b342861f1b5820d62a2e9a41c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\f9c565585bd21f38ecc4698ca16d164e => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\fa0312874982058f2a37031f943de8af => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\fb0d1e515805b2c6c72d7f084bd72d82 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\rules\fd0906d1b9a29f743942a8f2ba1cf356 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\00671bded5237e1cbd4bdd1b03efd5f2 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\02272dd3cc93fe31bfae6046b419f51c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\08033b74ebdb370b2a369c07cb1babb6 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\09f29ba82e791fe5e56d91db4b185d01 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\0bae1e5b4c0e67df8189d527f93c9f2b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\0c81a3aadde5b079a08a8a9605d91a26 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\0e686b957433aa225f7bf30acdbb1f10 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\0eb493ad5b13f3bc349cc53f9d760bea => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\1010632dd9fb060345c0c873f6062d4f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\1603a0df2ba75297207a13cafc3d2bea => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\18474902db40b9986a3eb37c55dd8702 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\18665cad2b98c12e2ea41363974d72e2 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\19e4e91ff8483b476939d09d6d3268d7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\1c2d0fb0f666aed965a87a91d9dee2d3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\1dec2ffae7135e6556cb67584d6422b1 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\21124b0323df66f9412caccf76188e0b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\221acc24042ca1210daa1a9add486906 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\22730fe29057723bb655bf4cccb9f94f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\23ded83a4850d875f3d59bd53a610e6c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\246dfec8039fd1b220e74c174d404b78 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\24866ae4194b58ff96a00493c1110b17 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\24a853f3cef9ec1b2333857ad5c7ac06 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\2707ee8faabbe7cc75a71f8197971855 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\2a3d99267335445d82d314863bdf79a0 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\2a6a62a72c00cc62ddc8eaf20e5c3bf4 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\2a8906b18347c8efbb89e6f9641af422 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\2d417a212dc93c3af4614927c9a7be78 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\2f09a8dbafc09eba78f659c0799f1728 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\2fb80e24e691319ecedc03ae408abbdf => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\301846de2cc08180c4cd8c681e9c3ee8 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\32b3508d3674f0c649ee19d838c4e346 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\32c7c4617c2f124442f4d9e634ce0b39 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\33ce042b390eb7f4d335b93012d05c74 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\341513be444fd9af08355b1d1befab2c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\34868bebcab633a75504c9c1295803d7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\38cf5f219c7f1d78ed214d039a685aff => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\3ac0bf970decdd18beb479b389a3e7f0 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\3b8f0d88955ef6e0e4a182f34a446fee => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\3c12717f2ec842c3c67defa37ddbe78f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\3cc1fda5c7a4f1b66f3a0e5477102052 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\3e25671b8f4e64c33583cd542dadb042 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\3e3c1298f2d6dd3e9aa2314f17f34625 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\3e425c22d9817056e9a7d6a6ec0c31e9 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\3efde02b55710ed826854c1095d358f7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\433198b59edb8d79f3e30db3a2ee51a9 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\472ad06d8902fa9a78fcf2e099b2a5c4 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\49a7f87925e6e6b9eaf24517160f17e1 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\4a6c0af72d2a9b08cbb16a1cd2c022f9 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\4bc30d4713e7434afc650c9c6238de1d => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\4eb8a9acec25045bbc2228a70f1b5928 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\552fdb02c1eb1f4ea3f24e54becb2ea5 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\55c72c3ddbcf5f48a0ef378fb4dbf456 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\58ecec502ab6baba40af8e088e2eff19 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\59c8069af9601fbe724f834646cf185c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\5a832b8ea1afe7afaf23d4962a5155e6 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\60e4d0a71bde7a6ffa127a6a5c9303d6 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\611c352d1031c8744b2a846b571d5985 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\641c1e78499c545a386dc98a963a3474 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\6494dda7a6b62fbc73902ffb0bcf923e => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\653adebd49bb6a1f2457e81a1297390d => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\6bbe17c99bf1331c3fa03411109d8f2f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\6c636bc3c2fdc01743fed5eee294bd02 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\72d328ce205f8949cc769727df068d49 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\775ac99fee31593774d9bcbc8cc87587 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\775c5cb3ed1fd8286494c4760004c699 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\77ad522f2c61aac82abe7f7e636acc0f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\7992acf6cf85dd33b91f64ce1cd03e2f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\79e451149e8c51ec8f135b9e210f9074 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\7aeaf46c38b871dbaf6fd53de148f4bf => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\7c2b8027b6b4bc7604321d6a3b15a3d3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\7c4ec3a17b5992677e4bff0505a9e808 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\7dca7b919c2684524c9f6ad02218e49a => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\7dd358b710ccfad5f836ff44daa8fef8 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\7f691c124411bcf42c47521a5cb099d3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\8121bb898c1381151afeef5775156929 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\89dbb45bfc3a453086cabdfdf9d88101 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\8d177e4e5678716aef26789cad30a865 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\8d5445dd0a4948296ee32baac96442e8 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\8dee0e8f6b5b68be5a62cba49c7d6789 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\932c9599ee7afdc3ab5b91d80b9543c2 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\9345a8cca3fbf2956dbd34fb1ca11015 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\95010cf3a500455856e8a7b6f5b0002e => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\9530428d457a6fc523d21310b2f674d8 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\9539bc5ab864fa12e62d936835b9130a => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\9625e26f4dd058c348d493c6bf730e50 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\96ab45b578bc860e933cae310d2363ce => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\96c0e37fc1a5dd9c18a8797d884456b6 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\985dad9693e28798a31bfa21c4fd7506 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\991c55e8fee876f16475d9ecd37fa87b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\99209be368313df6547eccb4dfdf98bc => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\9f3677ef3d3d23ec6894fff1e96c49f7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\9f376fd52a4b6922c363fbb95bb44c28 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\a108bfcdf2eb94e18941d5ce3e6741c3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\a2d22496bdb330259d93a002f31996d6 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\aa5c0a020986eb9122a81994867fdf79 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\ab0bb2fe40090c72f357b98d9fbe9030 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\ac50ed5a619df3eb7cac66cf8e3ef3c0 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\ada6dee5c6f65c10b4638cb3edb56dc3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\af2ddfc65c23446c22fdbe4bda2ca3ad => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\b07006a1eeadc2069604372e36047a9b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\b194966ad87960ede3e9f76d505e1e69 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\b1a0ac53a40868da95442673c0e7d028 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\b30e99c52159da57b8bcd5b2297dd3e7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\b3b30bd50c0bacc5d164db0d57c03cb6 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\b52f8b226fc7926a0a6cfa8fe2706390 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\b7728f9161071e0bb46ec047076169be => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\b8117b2604925d9471da096ba9d4ed87 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\ba63b318097845601a4aaa38587c3d7c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\baef391f673e047f2ce39bcf50094121 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\bb988113c413631573e83195e5f2567b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\be889b5fdf89ed1a31994925803122dc => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\bfbb5813ee0711af243a03d97704abdf => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\c2590dacffd37d1a603a14d16e1fb066 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\c31d174d2153e1a1aa705919332e98e3 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\c4bbf82b92248df7108745c3686fe205 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\c56a4cb0713e08a0547bfa93c168a720 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\c61ab6d3623936c79d58e7bcb8814406 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\c779e2049037a2a01c610050e961edeb => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\c7c28beaebaf0e1400e7dc34c2458f7b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\c8030376d5b0fdf19cd205f5463c07fe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\c85704bb576f18c3ec859bfa111dd3f7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\cbf0a3c3e0bc92d3358da1d62bb6dedd => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\cc3345146a227449591c880e60fb3290 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\cddf3211e22940d2d011a4fa81001123 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\cec6c85a7bf9770323e16af12d5f97c7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\d2b952690da0fb72bbd02e7d545c300d => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\d6eb74b6734f7999e620a0a65145a5a1 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\dba1f9d7ce7ba029c4d0b7bad00d911b => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\dc723bb08357968da468f51dd0617195 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\de3b762cae0a173b9b5879dd467e87ad => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\de50ad986429018cc4c02754ecdb3ad1 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\de59ab2eb41a5f03e01fd9be13ede717 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\dfa31c17676dc4bc20e591536a587607 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\e2839b0dec29e117d183cacec3a9441d => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\e4d76ce6842aed2585d46aa03bd6a658 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\e743528acf4010f84595a60e4968243c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\e7cab7129510b045fa319443d079a1d1 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\eb76e87b9c2822b8342fd3d8f90cc6bc => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\ec2ae06168a5dd4a76179295138a0c8a => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\ecf687b149c11d2941e51866713a60cc => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\f0610cb47c7c3628ed084fc5fa811090 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\f21c6b4a4bfd1ea6df2a86b30a382a0f => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\f638dd3eacdb1c7fbc1fd950c36dbfb7 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\f864323b342861f1b5820d62a2e9a41c => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\f9c565585bd21f38ecc4698ca16d164e => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\fa0312874982058f2a37031f943de8af => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\fb0d1e515805b2c6c72d7f084bd72d82 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\resume\fd0906d1b9a29f743942a8f2ba1cf356 => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\Microsoft\Secure" directory. => Scheduled to move on reboot.
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-1801674531-527237240-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
IntelIde => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\WINDOWS\system32\TBD144.tmp => Moved successfully.
 
========================= Folder: C:\Documents and Settings\Admin\PrivacIE ========================
 
2014-12-28 23:13 - 2015-01-09 23:51 - 0032768 ___SH () C:\Documents and Settings\Admin\PrivacIE\index.dat
 
====== End of Folder: ======
 
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-11 22:07:28)<=
 
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\SecureIconsProvider.dll => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\00a55acdb577550bff00d85cfe76c39f => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\8bb65f1fd0e15a536ee579a54dd0f038 => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\dbadf687331785c824ea9f609eee1831 => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\fd0906d1b9a29f743942a8f2ba1cf356\Pompeii 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\fd0906d1b9a29f743942a8f2ba1cf356\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\fb0d1e515805b2c6c72d7f084bd72d82\Snowpiercer 2013.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\fb0d1e515805b2c6c72d7f084bd72d82\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\fa0312874982058f2a37031f943de8af\Jupiter Ascending 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\fa0312874982058f2a37031f943de8af\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\f864323b342861f1b5820d62a2e9a41c\Star Wars Episode VII - The Force Awakens 2015.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\f864323b342861f1b5820d62a2e9a41c\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\f0610cb47c7c3628ed084fc5fa811090\Still Alice 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\f0610cb47c7c3628ed084fc5fa811090\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\eb76e87b9c2822b8342fd3d8f90cc6bc\The Pyramid 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\eb76e87b9c2822b8342fd3d8f90cc6bc\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e743528acf4010f84595a60e4968243c\Unbroken 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e743528acf4010f84595a60e4968243c\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e4d76ce6842aed2585d46aa03bd6a658\Seventh Son 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e4d76ce6842aed2585d46aa03bd6a658\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e2839b0dec29e117d183cacec3a9441d\Still Alice 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\e2839b0dec29e117d183cacec3a9441d\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\de50ad986429018cc4c02754ecdb3ad1\The Equalizer 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\de50ad986429018cc4c02754ecdb3ad1\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\dba1f9d7ce7ba029c4d0b7bad00d911b\Interstellar 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\dba1f9d7ce7ba029c4d0b7bad00d911b\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\d6eb74b6734f7999e620a0a65145a5a1\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\d6eb74b6734f7999e620a0a65145a5a1\Tusk 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cddf3211e22940d2d011a4fa81001123\Night at the Museum Secret of the Tomb 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cddf3211e22940d2d011a4fa81001123\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cc3345146a227449591c880e60fb3290\Tammy 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cc3345146a227449591c880e60fb3290\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cbf0a3c3e0bc92d3358da1d62bb6dedd\Pitch Perfect 2 2015.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\cbf0a3c3e0bc92d3358da1d62bb6dedd\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c85704bb576f18c3ec859bfa111dd3f7\Inside Out 2015.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c85704bb576f18c3ec859bfa111dd3f7\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c8030376d5b0fdf19cd205f5463c07fe\God Help the Girl 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c8030376d5b0fdf19cd205f5463c07fe\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c779e2049037a2a01c610050e961edeb\The Riot Club 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c779e2049037a2a01c610050e961edeb\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c4bbf82b92248df7108745c3686fe205\The Grand Budapest Hotel 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c4bbf82b92248df7108745c3686fe205\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c2590dacffd37d1a603a14d16e1fb066\Kingsman The Secret Service 2015.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\c2590dacffd37d1a603a14d16e1fb066\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\be889b5fdf89ed1a31994925803122dc\The Boy Next Door 2015.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\be889b5fdf89ed1a31994925803122dc\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\bb988113c413631573e83195e5f2567b\Minions 2015.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\bb988113c413631573e83195e5f2567b\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b8117b2604925d9471da096ba9d4ed87\The Best of Me 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b8117b2604925d9471da096ba9d4ed87\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b7728f9161071e0bb46ec047076169be\The Guest 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b7728f9161071e0bb46ec047076169be\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b52f8b226fc7926a0a6cfa8fe2706390\Under the Skin 2013.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b52f8b226fc7926a0a6cfa8fe2706390\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b194966ad87960ede3e9f76d505e1e69\A Walk Among the Tombstones 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\b194966ad87960ede3e9f76d505e1e69\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ada6dee5c6f65c10b4638cb3edb56dc3\John Wick 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ada6dee5c6f65c10b4638cb3edb56dc3\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ac50ed5a619df3eb7cac66cf8e3ef3c0\About Time 2013.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\ac50ed5a619df3eb7cac66cf8e3ef3c0\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\aa5c0a020986eb9122a81994867fdf79\Top Five 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\aa5c0a020986eb9122a81994867fdf79\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\a2d22496bdb330259d93a002f31996d6\Love Rosie 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\a2d22496bdb330259d93a002f31996d6\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9f376fd52a4b6922c363fbb95bb44c28\The Maze Runner 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9f376fd52a4b6922c363fbb95bb44c28\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\99209be368313df6547eccb4dfdf98bc\The Skeleton Twins 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\99209be368313df6547eccb4dfdf98bc\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\991c55e8fee876f16475d9ecd37fa87b\Horrible Bosses 2 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\991c55e8fee876f16475d9ecd37fa87b\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9625e26f4dd058c348d493c6bf730e50\Hercules 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\9625e26f4dd058c348d493c6bf730e50\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\8dee0e8f6b5b68be5a62cba49c7d6789\Affluenza 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\8dee0e8f6b5b68be5a62cba49c7d6789\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7dd358b710ccfad5f836ff44daa8fef8\23 Blast 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7dd358b710ccfad5f836ff44daa8fef8\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7dca7b919c2684524c9f6ad02218e49a\Taken 3 2015.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7c4ec3a17b5992677e4bff0505a9e808\Blue Ruin 2013.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7c4ec3a17b5992677e4bff0505a9e808\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7c2b8027b6b4bc7604321d6a3b15a3d3\The Amazing Spider-Man 2 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7c2b8027b6b4bc7604321d6a3b15a3d3\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7992acf6cf85dd33b91f64ce1cd03e2f\American Sniper 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\7992acf6cf85dd33b91f64ce1cd03e2f\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\6c636bc3c2fdc01743fed5eee294bd02\The Legend of Hercules 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\6c636bc3c2fdc01743fed5eee294bd02\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\611c352d1031c8744b2a846b571d5985\American Hustle 2013.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\611c352d1031c8744b2a846b571d5985\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\60e4d0a71bde7a6ffa127a6a5c9303d6\Atlas Shrugged Who Is John Galt 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\60e4d0a71bde7a6ffa127a6a5c9303d6\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\4bc30d4713e7434afc650c9c6238de1d\Extraterrestrial 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\4bc30d4713e7434afc650c9c6238de1d\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\4a6c0af72d2a9b08cbb16a1cd2c022f9\John Wick 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\4a6c0af72d2a9b08cbb16a1cd2c022f9\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3e3c1298f2d6dd3e9aa2314f17f34625\Hungry Hearts 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3e3c1298f2d6dd3e9aa2314f17f34625\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3e25671b8f4e64c33583cd542dadb042\The Rover 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3e25671b8f4e64c33583cd542dadb042\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3c12717f2ec842c3c67defa37ddbe78f\As Above So Below 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3b8f0d88955ef6e0e4a182f34a446fee\Ex Machina 2015.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3b8f0d88955ef6e0e4a182f34a446fee\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3ac0bf970decdd18beb479b389a3e7f0\Love Rosie 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\3ac0bf970decdd18beb479b389a3e7f0\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\34868bebcab633a75504c9c1295803d7\Maleficent 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\34868bebcab633a75504c9c1295803d7\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\341513be444fd9af08355b1d1befab2c\A Most Violent Year 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\341513be444fd9af08355b1d1befab2c\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\301846de2cc08180c4cd8c681e9c3ee8\The Hungover Games 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\301846de2cc08180c4cd8c681e9c3ee8\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2f3d60a46c542d5cb3d1e28e4d807ef5\Rosewater 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2f3d60a46c542d5cb3d1e28e4d807ef5\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2d417a212dc93c3af4614927c9a7be78\Last Vegas 2013.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2d417a212dc93c3af4614927c9a7be78\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2a8906b18347c8efbb89e6f9641af422\Joe 2013.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2a8906b18347c8efbb89e6f9641af422\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2707ee8faabbe7cc75a71f8197971855\Taken 3 2015.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\2707ee8faabbe7cc75a71f8197971855\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\24a853f3cef9ec1b2333857ad5c7ac06\Dracula Untold 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\24a853f3cef9ec1b2333857ad5c7ac06\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\246dfec8039fd1b220e74c174d404b78\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\246dfec8039fd1b220e74c174d404b78\Wild 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\22730fe29057723bb655bf4cccb9f94f\The Disappearance of Eleanor Rigby Them 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\22730fe29057723bb655bf4cccb9f94f\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\21124b0323df66f9412caccf76188e0b\The Zero Theorem 2013.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\21124b0323df66f9412caccf76188e0b\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\0eb493ad5b13f3bc349cc53f9d760bea\Mr. Turner 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\0eb493ad5b13f3bc349cc53f9d760bea\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\0c81a3aadde5b079a08a8a9605d91a26\Noah 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\0c81a3aadde5b079a08a8a9605d91a26\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\09f29ba82e791fe5e56d91db4b185d01\I Origins 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\09f29ba82e791fe5e56d91db4b185d01\WMP x264 Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\00671bded5237e1cbd4bdd1b03efd5f2\The Judge 2014.avi => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\data\00671bded5237e1cbd4bdd1b03efd5f2\Total Codec Pack.exe => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\0c81a3aadde5b079a08a8a9605d91a26 => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\1719c43ff3153dbadedc9de950c1d9ab => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\22730fe29057723bb655bf4cccb9f94f => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\38cf5f219c7f1d78ed214d039a685aff => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\4c5ef60dcabf88745285336bc1c2bde9 => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\60e4d0a71bde7a6ffa127a6a5c9303d6 => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\ada6dee5c6f65c10b4638cb3edb56dc3 => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\b8117b2604925d9471da096ba9d4ed87 => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\baef391f673e047f2ce39bcf50094121 => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\CachedIcons\cache\fa0312874982058f2a37031f943de8af => Is moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure => Is moved successfully.
 
==== End of Fixlog 22:07:29 ====


#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:36 PM

Posted 12 January 2015 - 02:15 PM

Hi fredXhunger,

 

Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 fredXhunger

fredXhunger
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 12 January 2015 - 02:34 PM

Hey Toffee!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-01-2015
Ran by Admin (administrator) on WXPPX86BE-0296 on 12-01-2015 20:34:24
Running from C:\Documents and Settings\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(PACE Anti-Piracy, Inc.) C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(www.shadowexplorer.com) C:\Program Files\ShadowExplorer\sesvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
() C:\WINDOWS\system32\TaskSwitch.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Spotify Ltd) C:\Documents and Settings\Admin\Application Data\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFTips.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\wmiadap.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\SoftwareDistribution\Download\Install\ndp20sp2-kb2844285-v2-x86.exe
(Microsoft Corporation) D:\fd0e0adbfe1e70b17506f902de1e\HotFixInstaller.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [CoolSwitch] => C:\WINDOWS\system32\taskswitch.exe [45632 2002-03-19] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20053608 2011-05-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5243712 2014-12-18] (IObit)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [Spotify Web Helper] => C:\Documents and Settings\Admin\Application Data\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-27] (Spotify Ltd)
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [GozuDuji] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\GozuDuji\QuzvUhji.cpw"
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Policies\Explorer: [MaxRecentDocs] 18
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\MountPoints2: V - V:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
SecurityProviders: schannel.dll, credssp.dll, digest.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MS .NET Framework 4 - WinXP Slow Boot Fix v3.1.vbs ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
SearchScopes: HKU\S-1-5-21-1844237615-1801674531-527237240-1003 -> {D671275A-5E31-42B8-924E-2DDF8CC2EADB} URL = https://duckduckgo.com/?q={searchTerms}&kp=-1
SearchScopes: HKU\S-1-5-21-1844237615-1801674531-527237240-1003 -> {F83B7E7A-688A-47DA-A9E5-A40D9E15266B} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live inloggningshjälpen -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 193.150.193.150
Tcpip\..\Interfaces\{56B41582-DCC6-4D91-8360-F332809A5568}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{72B585A5-DB51-43D1-8A11-B9936049B6C7}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8AFDAB87-78F8-47F1-BBFA-0F5C23C4E608}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D4870E49-6298-4048-9265-F31B3775C8C3}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\duckduckgo.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\Extensions\iobitascsurfingprotection@iobit.com [2015-01-09]
FF Extension: EngUKWrdBrk Class - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\Extensions\{363C2C69-AC9F-1F3E-E010-768FA0D1844A} [2014-12-30]
FF Extension: No Name - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\Extensions\{2b4f8230-394e-4951-9495-bafd44d837da}.xpi [2014-12-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-10]
FF Extension: No Name - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\extensions\faststartff@gmail.com [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://se.search.yahoo.com/?type=198484&fr=spigot-yhp-ie
CHR StartupUrls: Default -> "https://www.facebook.com/", "https://mail.google.com/mail/u/0/#inbox", "https://dub129.mail.live.com/default.aspx?id=64855", "hxxp://www.sweet-page.com/?type=hp&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Dokument) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (YouTube) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Adblock for Youtube™) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-08-19]
CHR Extension: (Sök på Google) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (AdBlock) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-19]
CHR Extension: (FastestFox for Chrome) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-08-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]
CHR Extension: (Gmail) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-08-19] (Macrovision Europe Ltd.) [File not signed]
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-12-12] (IObit)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2633024 2014-12-12] (IObit)
R2 PaceLicenseDServices; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
R2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-14] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{6F25DCD6-988B-408C-9CB0-E4F6ACC922C0}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [2158848 2013-11-27] (Atheros Communications, Inc.)
R3 BazisVirtualCDBus; C:\WINDOWS\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-01-11] (Emsisoft GmbH)
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [247968 2014-11-10] (IObit)
R0 iastor9; C:\WINDOWS\system32\Drivers\iastor9.sys [471360 2014-07-14] (Intel Corporation)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [98504 2013-06-20] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [31776 2014-11-10] (IObit.com)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)
R0 TPkd; C:\WINDOWS\system32\Drivers\TPkd.sys [93336 2012-05-16] (PACE Anti-Piracy, Inc.)
R3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [17360 2014-11-10] (IObit.com)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-11 22:06 - 2015-01-11 22:06 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-11 22:06 - 2015-01-11 22:06 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-11 22:06 - 2015-01-11 22:06 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2015-01-11 22:04 - 2015-01-11 22:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GozuDuji
2015-01-11 19:52 - 2015-01-11 19:52 - 00025225 _____ () C:\Documents and Settings\Admin\Desktop\Addition.txt
2015-01-11 19:50 - 2015-01-12 20:35 - 00017670 _____ () C:\Documents and Settings\Admin\Desktop\FRST.txt
2015-01-11 19:49 - 2015-01-12 20:34 - 00000000 ____D () C:\FRST
2015-01-11 19:47 - 2015-01-11 19:47 - 01115648 _____ (Farbar) C:\Documents and Settings\Admin\Desktop\FRST.exe
2015-01-11 19:18 - 2015-01-11 19:18 - 00020597 _____ () C:\Documents and Settings\Admin\Desktop\dds.txt
2015-01-11 19:18 - 2015-01-11 19:18 - 00009121 _____ () C:\Documents and Settings\Admin\Desktop\attach.txt
2015-01-11 19:14 - 2015-01-11 19:14 - 00688992 ____R (Swearware) C:\Documents and Settings\Admin\Desktop\dds.com
2015-01-11 19:06 - 2015-01-11 19:06 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\TeamViewer
2015-01-11 18:14 - 2015-01-11 18:14 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2015-01-11 18:14 - 2015-01-11 18:14 - 00000000 ____D () C:\Program Files\MSBuild
2015-01-11 18:09 - 2015-01-11 18:09 - 00000706 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk
2015-01-11 18:09 - 2015-01-11 18:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-01-11 18:08 - 2015-01-11 19:06 - 00000000 ____D () C:\Program Files\TeamViewer
2015-01-10 21:46 - 2015-01-11 18:56 - 00000637 _____ () C:\Documents and Settings\Admin\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-10 21:45 - 2015-01-11 18:56 - 00000000 ____D () C:\EEK
2015-01-10 09:14 - 2015-01-10 09:14 - 00001560 _____ () C:\Documents and Settings\Admin\Desktop\ShadowExplorer.lnk
2015-01-10 09:14 - 2015-01-10 09:14 - 00000000 ____D () C:\Program Files\ShadowExplorer
2015-01-10 09:14 - 2015-01-10 09:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ShadowExplorer
2015-01-10 09:06 - 2015-01-10 09:06 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-01-10 00:37 - 2015-01-12 20:33 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-01-10 00:36 - 2015-01-10 00:36 - 00000000 __RHD () C:\AHCache
2015-01-10 00:19 - 2015-01-10 00:34 - 00009045 _____ () C:\WINDOWS\setupapi.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00006638 _____ () C:\WINDOWS\iis6.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00006182 _____ () C:\WINDOWS\FaxSetup.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00003489 _____ () C:\WINDOWS\ocgen.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00002822 _____ () C:\WINDOWS\tsoc.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00002062 _____ () C:\WINDOWS\comsetup.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00001878 _____ () C:\WINDOWS\msmqinst.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00001374 _____ () C:\WINDOWS\imsins.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3013410$
2015-01-10 00:19 - 2015-01-10 00:19 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00000000 _____ () C:\WINDOWS\setupact.log
2015-01-10 00:07 - 2015-01-10 00:07 - 23191552 _____ () C:\WINDOWS\system32\config\software.iobit
2015-01-10 00:07 - 2015-01-10 00:07 - 00237568 _____ () C:\WINDOWS\system32\config\default.iobit
2015-01-10 00:07 - 2015-01-10 00:07 - 00049152 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-01-10 00:07 - 2015-01-10 00:07 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-01-09 23:52 - 2015-01-09 23:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
2015-01-09 23:52 - 2015-01-09 23:52 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\ProductData
2015-01-09 23:51 - 2015-01-09 23:51 - 00000881 _____ () C:\Documents and Settings\All Users\Desktop\IObit Uninstaller.lnk
2015-01-09 23:50 - 2015-01-11 21:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2015-01-09 23:50 - 2015-01-11 21:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2015-01-09 23:50 - 2015-01-11 21:42 - 00000000 ____D () C:\Program Files\IObit
2015-01-09 23:50 - 2015-01-09 23:53 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\IObit
2015-01-09 23:50 - 2015-01-09 23:50 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-01-09 23:50 - 2015-01-09 23:50 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-01-09 23:50 - 2015-01-09 23:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-09 23:38 - 2015-01-09 23:38 - 00001506 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.bak
2015-01-09 23:23 - 2015-01-09 23:42 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\NPE
2015-01-09 23:23 - 2015-01-09 23:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2015-01-09 23:08 - 2015-01-09 23:08 - 00179600 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe.0694.deleteme
2015-01-09 22:40 - 2015-01-09 22:40 - 00000000 ____D () C:\Quarantine
2015-01-09 22:38 - 2015-01-09 22:38 - 00179600 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe.4413.deleteme
2015-01-09 22:33 - 2015-01-09 23:24 - 00000000 ____D () C:\Program Files\stinger
2015-01-08 22:40 - 2015-01-08 22:40 - 00343784 _____ () C:\Documents and Settings\Admin\enc_files.txt
2015-01-08 22:35 - 2015-01-11 18:46 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\WinCL
2014-12-30 21:48 - 2015-01-11 18:09 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-12-28 23:15 - 2014-12-28 23:15 - 00000747 _____ () C:\Documents and Settings\All Users\Desktop\AVI MP4 Converter.lnk
2014-12-28 23:15 - 2014-12-28 23:15 - 00000000 ____D () C:\Program Files\AVI MP4 Converter 5
2014-12-28 23:15 - 2014-12-28 23:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVI MP4 Converter
2014-12-28 23:14 - 2014-12-28 23:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\1803528019
2014-12-28 23:13 - 2014-12-28 23:13 - 00000000 __SHD () C:\Documents and Settings\Admin\PrivacIE
2014-12-28 23:06 - 2014-12-28 23:06 - 00000000 ____D () C:\Documents and Settings\Admin\My Documents\Optimizer Pro
2014-12-28 23:02 - 2014-12-28 23:02 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\convertaudiofree
2014-12-28 23:01 - 2014-12-28 23:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IePluginServices
2014-12-28 23:01 - 2014-12-28 23:01 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\Opera Software
2014-12-28 23:01 - 2014-12-28 23:01 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Opera Software
2014-12-28 23:00 - 2015-01-11 21:57 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\sweet-page
2014-12-28 22:59 - 2014-12-28 23:13 - 00000000 ____D () C:\Program Files\Opera
2014-12-26 20:35 - 2014-12-26 20:35 - 00000000 _____ () C:\Documents and Settings\Admin\Desktop\New Text Document.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-12 20:35 - 2014-08-19 07:08 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Temp
2015-01-12 20:33 - 2014-08-19 07:02 - 01396634 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-12 20:33 - 2014-08-19 01:56 - 00489254 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-12 20:15 - 2014-08-19 08:53 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-12 20:15 - 2014-08-18 22:42 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-11 22:06 - 2014-08-19 08:53 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 22:06 - 2014-08-19 07:08 - 00000692 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-11 22:06 - 2014-08-19 07:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-11 22:06 - 2014-08-19 01:53 - 01541200 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-11 22:06 - 2014-08-18 22:44 - 00002184 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-11 22:05 - 2014-08-19 07:08 - 00000178 ___SH () C:\Documents and Settings\Admin\ntuser.ini
2015-01-10 00:19 - 2014-08-19 06:48 - 00012834 _____ () C:\WINDOWS\system32\TZLog.log
2015-01-10 00:17 - 2014-08-19 09:18 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\BitTorrent
2015-01-10 00:07 - 2014-08-19 07:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-10 00:07 - 2014-08-19 07:07 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-09 23:51 - 2014-09-06 09:52 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Apple Computer
2015-01-09 23:51 - 2014-08-19 07:08 - 00000000 ____D () C:\Documents and Settings\Admin
2015-01-09 23:38 - 2014-08-19 01:52 - 00000211 _____ () C:\boot.ini
2015-01-09 22:23 - 2014-08-19 06:56 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Spotify
2015-01-09 21:08 - 2014-08-19 06:57 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\Spotify
2015-01-08 22:40 - 2014-12-09 20:28 - 81172205 _____ () C:\Documents and Settings\Admin\Desktop\Fredag den 13e Kladd.rar
2015-01-08 22:40 - 2014-12-09 20:28 - 80122265 _____ () C:\Documents and Settings\Admin\Desktop\Lack of Loud Mix 2.rar
2015-01-08 22:40 - 2014-12-09 20:28 - 20538259 _____ () C:\Documents and Settings\Admin\Desktop\PW Kladd.rar
2014-12-31 20:34 - 2014-08-19 07:01 - 00000000 ____D () C:\WINDOWS\system32\Restore
 
Some content of TEMP:
====================
C:\Documents and Settings\Admin\Local Settings\Temp\DotNetFx20Client_Package_x86.exe
C:\Documents and Settings\Admin\Local Settings\Temp\DotNetFx30Client_Package_x86.exe
C:\Documents and Settings\Admin\Local Settings\Temp\DotNetFx35Client_Package_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:36 PM

Posted 12 January 2015 - 02:55 PM

Hi fredXhunger,
 
That looks much better :)
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 fredXhunger

fredXhunger
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 12 January 2015 - 03:53 PM

Hi again Toffee, here's the report:
 

# AdwCleaner v4.107 - Report created 12/01/2015 at 21:11:44
# Updated 07/01/2015 by Xplode
# Database : 2015-01-11.2 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin - WXPPX86BE-0296
# Running from : C:\Documents and Settings\Admin\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\user.js
File Found : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Found : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
Folder Found : C:\Documents and Settings\Admin\Application Data\sweet-page
Folder Found : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Folder Found : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Folder Found : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm
Folder Found : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Folder Found : C:\Documents and Settings\Admin\My Documents\Optimizer Pro
Folder Found : C:\Documents and Settings\All Users\Application Data\IePluginServices
Folder Found : C:\Documents and Settings\All Users\Application Data\IePluginServices
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5BEE7BE9-DF29-4C14-A18E-2BDD06205E29}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BEE7BE9-DF29-4C14-A18E-2BDD06205E29}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57C052A7-AAD7-4230-860D-F6768C8EA59F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{57C052A7-AAD7-4230-860D-F6768C8EA59F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\supWPM
Key Found : HKLM\SOFTWARE\sweet-pageSoftware
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.sweet-page.com/web/?type=ds&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.sweet-page.com/web/?type=ds&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171&q={searchTerms}
 
-\\ Mozilla Firefox v30.0 (en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
-\\ Opera v0.0.0.0
 
 
*************************
 
AdwCleaner[R0].txt - [4436 octets] - [12/01/2015 21:11:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4496 octets] ##########


#10 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:36 PM

Posted 14 January 2015 - 02:09 PM

Hi fredXhunger,
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#11 fredXhunger

fredXhunger
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 14 January 2015 - 06:03 PM

Hey Toffee!
 

# AdwCleaner v4.107 - Report created 14/01/2015 at 23:55:18
# Updated 07/01/2015 by Xplode
# Database : 2015-01-11.2 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin - WXPPX86BE-0296
# Running from : C:\Documents and Settings\Admin\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\IePluginServices
Folder Deleted : C:\Documents and Settings\Admin\Application Data\sweet-page
Folder Deleted : C:\Documents and Settings\Admin\My Documents\Optimizer Pro
[!] Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
[!] Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
[!] Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm
[!] Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
File Deleted : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\user.js
File Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57C052A7-AAD7-4230-860D-F6768C8EA59F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C052A7-AAD7-4230-860D-F6768C8EA59F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BEE7BE9-DF29-4C14-A18E-2BDD06205E29}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5BEE7BE9-DF29-4C14-A18E-2BDD06205E29}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\sweet-pageSoftware
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 
-\\ Mozilla Firefox v30.0 (en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
-\\ Opera v0.0.0.0
 
 
*************************
 
AdwCleaner[R0].txt - [4576 octets] - [12/01/2015 21:11:44]
AdwCleaner[S0].txt - [4245 octets] - [14/01/2015 23:55:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4305 octets] ##########


#12 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:36 PM

Posted 15 January 2015 - 03:16 PM

Hi fredXhunger,

 

Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#13 fredXhunger

fredXhunger
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 15 January 2015 - 03:33 PM

Hi Toffee!
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01
Ran by Admin (administrator) on WXPPX86BE-0296 on 15-01-2015 21:35:33
Running from C:\Documents and Settings\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Admin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
() C:\WINDOWS\system32\TaskSwitch.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(Spotify Ltd) C:\Documents and Settings\Admin\Application Data\Spotify\spotify.exe
() C:\Documents and Settings\Admin\Application Data\Spotify\Data\SpotifyHelper.exe
() C:\Documents and Settings\Admin\Application Data\Spotify\Data\SpotifyHelper.exe
() C:\Documents and Settings\Admin\Application Data\Spotify\Data\SpotifyHelper.exe
() C:\Documents and Settings\Admin\Application Data\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [CoolSwitch] => C:\WINDOWS\system32\taskswitch.exe [45632 2002-03-19] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20053608 2011-05-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5243712 2014-12-18] (IObit)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Run: [GozuDuji] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\GozuDuji\QuzvUhji.cpw"
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Policies\Explorer: [MaxRecentDocs] 18
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1844237615-1801674531-527237240-1003\...\MountPoints2: V - V:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
SecurityProviders: schannel.dll, credssp.dll, digest.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MS .NET Framework 4 - WinXP Slow Boot Fix v3.1.vbs ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1844237615-1801674531-527237240-1003 -> {D671275A-5E31-42B8-924E-2DDF8CC2EADB} URL = https://duckduckgo.com/?q={searchTerms}&kp=-1
SearchScopes: HKU\S-1-5-21-1844237615-1801674531-527237240-1003 -> {F83B7E7A-688A-47DA-A9E5-A40D9E15266B} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live inloggningshjälpen -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{56B41582-DCC6-4D91-8360-F332809A5568}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{72B585A5-DB51-43D1-8A11-B9936049B6C7}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8AFDAB87-78F8-47F1-BBFA-0F5C23C4E608}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D4870E49-6298-4048-9265-F31B3775C8C3}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\duckduckgo.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\Extensions\iobitascsurfingprotection@iobit.com [2015-01-09]
FF Extension: EngUKWrdBrk Class - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\Extensions\{363C2C69-AC9F-1F3E-E010-768FA0D1844A} [2014-12-30]
FF Extension: No Name - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\Extensions\{2b4f8230-394e-4951-9495-bafd44d837da}.xpi [2014-12-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-10]
FF Extension: No Name - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\extensions\faststartff@gmail.com [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://se.search.yahoo.com/?type=198484&fr=spigot-yhp-ie
CHR StartupUrls: Default -> "https://www.facebook.com/", "https://mail.google.com/mail/u/0/#inbox", "https://dub129.mail.live.com/default.aspx?id=64855", "hxxp://www.sweet-page.com/?type=hp&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Dokument) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (YouTube) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Adblock for Youtube™) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-08-19]
CHR Extension: (Sök på Google) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (AdBlock) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-15]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-08-19] (Macrovision Europe Ltd.) [File not signed]
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-12-12] (IObit)
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2633024 2014-12-12] (IObit)
S4 PaceLicenseDServices; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
S4 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S4 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-14] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{6F25DCD6-988B-408C-9CB0-E4F6ACC922C0}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [2158848 2013-11-27] (Atheros Communications, Inc.)
R3 BazisVirtualCDBus; C:\WINDOWS\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-01-11] (Emsisoft GmbH)
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [247968 2014-11-10] (IObit)
R0 iastor9; C:\WINDOWS\system32\Drivers\iastor9.sys [471360 2014-07-14] (Intel Corporation)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [98504 2013-06-20] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [31776 2014-11-10] (IObit.com)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)
R0 TPkd; C:\WINDOWS\system32\Drivers\TPkd.sys [93336 2012-05-16] (PACE Anti-Piracy, Inc.)
R3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [17360 2014-11-10] (IObit.com)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 21:35 - 2015-01-15 21:35 - 00000000 ____D () C:\Documents and Settings\Admin\Desktop\FRST-OlderVersion
2015-01-15 01:07 - 2015-01-15 01:07 - 00262144 _____ () C:\WINDOWS\system32\default_user_class.dat
2015-01-15 01:07 - 2015-01-15 01:07 - 00001024 ____H () C:\WINDOWS\system32\default_user_class.dat.LOG
2015-01-15 00:56 - 2015-01-15 00:57 - 00000000 ____D () C:\WINDOWS\pss
2015-01-14 20:16 - 2015-01-14 20:16 - 00006601 _____ () C:\WINDOWS\KB3021674.log
2015-01-14 20:16 - 2015-01-14 20:16 - 00006398 _____ () C:\WINDOWS\KB3019215.log
2015-01-14 20:16 - 2015-01-14 20:16 - 00005929 _____ () C:\WINDOWS\KB3020393-v2.log
2015-01-14 20:16 - 2015-01-14 20:16 - 00000505 _____ () C:\WINDOWS\updspapi.log
2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3021674$
2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3020393-v2$
2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3019215$
2015-01-13 21:35 - 2014-12-16 01:27 - 00080896 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tlntsess.exe
2015-01-13 21:35 - 2014-12-06 08:28 - 00728064 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\userenv.dll
2015-01-13 21:34 - 2014-12-29 21:42 - 00179968 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mrxdav.sys
2015-01-12 21:11 - 2015-01-14 23:55 - 00000000 ____D () C:\AdwCleaner
2015-01-11 22:06 - 2015-01-15 16:53 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-11 22:06 - 2015-01-15 16:53 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-11 22:06 - 2015-01-11 22:06 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2015-01-11 22:04 - 2015-01-11 22:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GozuDuji
2015-01-11 19:52 - 2015-01-11 19:52 - 00025225 _____ () C:\Documents and Settings\Admin\Desktop\Addition.txt
2015-01-11 19:50 - 2015-01-15 21:36 - 00015570 _____ () C:\Documents and Settings\Admin\Desktop\FRST.txt
2015-01-11 19:49 - 2015-01-15 21:35 - 00000000 ____D () C:\FRST
2015-01-11 19:47 - 2015-01-15 21:35 - 01116672 _____ (Farbar) C:\Documents and Settings\Admin\Desktop\FRST.exe
2015-01-11 19:18 - 2015-01-11 19:18 - 00020597 _____ () C:\Documents and Settings\Admin\Desktop\dds.txt
2015-01-11 19:18 - 2015-01-11 19:18 - 00009121 _____ () C:\Documents and Settings\Admin\Desktop\attach.txt
2015-01-11 19:14 - 2015-01-11 19:14 - 00688992 ____R (Swearware) C:\Documents and Settings\Admin\Desktop\dds.com
2015-01-11 19:06 - 2015-01-11 19:06 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\TeamViewer
2015-01-11 18:14 - 2015-01-13 10:11 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2015-01-11 18:14 - 2015-01-11 18:14 - 00000000 ____D () C:\Program Files\MSBuild
2015-01-11 18:09 - 2015-01-11 18:09 - 00000706 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk
2015-01-11 18:09 - 2015-01-11 18:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-01-11 18:08 - 2015-01-11 19:06 - 00000000 ____D () C:\Program Files\TeamViewer
2015-01-10 21:46 - 2015-01-11 18:56 - 00000637 _____ () C:\Documents and Settings\Admin\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-10 21:45 - 2015-01-11 18:56 - 00000000 ____D () C:\EEK
2015-01-10 09:14 - 2015-01-10 09:14 - 00001560 _____ () C:\Documents and Settings\Admin\Desktop\ShadowExplorer.lnk
2015-01-10 09:14 - 2015-01-10 09:14 - 00000000 ____D () C:\Program Files\ShadowExplorer
2015-01-10 09:14 - 2015-01-10 09:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ShadowExplorer
2015-01-10 09:06 - 2015-01-10 09:06 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-01-10 00:37 - 2015-01-13 10:27 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-01-10 00:36 - 2015-01-10 00:36 - 00000000 __RHD () C:\AHCache
2015-01-10 00:19 - 2015-01-14 20:16 - 00026816 _____ () C:\WINDOWS\iis6.log
2015-01-10 00:19 - 2015-01-14 20:16 - 00024731 _____ () C:\WINDOWS\FaxSetup.log
2015-01-10 00:19 - 2015-01-14 20:16 - 00013956 _____ () C:\WINDOWS\ocgen.log
2015-01-10 00:19 - 2015-01-14 20:16 - 00011285 _____ () C:\WINDOWS\tsoc.log
2015-01-10 00:19 - 2015-01-14 20:16 - 00008242 _____ () C:\WINDOWS\comsetup.log
2015-01-10 00:19 - 2015-01-14 20:16 - 00007568 _____ () C:\WINDOWS\msmqinst.log
2015-01-10 00:19 - 2015-01-14 20:16 - 00004992 _____ () C:\WINDOWS\ntdtcsetup.log
2015-01-10 00:19 - 2015-01-14 20:16 - 00004332 _____ () C:\WINDOWS\netfxocm.log
2015-01-10 00:19 - 2015-01-14 20:16 - 00001700 _____ () C:\WINDOWS\MedCtrOC.log
2015-01-10 00:19 - 2015-01-14 20:16 - 00001374 _____ () C:\WINDOWS\imsins.log
2015-01-10 00:19 - 2015-01-14 20:16 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2015-01-10 00:19 - 2015-01-14 20:16 - 00001244 _____ () C:\WINDOWS\tabletoc.log
2015-01-10 00:19 - 2015-01-10 00:34 - 00009045 _____ () C:\WINDOWS\setupapi.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3013410$
2015-01-10 00:19 - 2015-01-10 00:19 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-10 00:19 - 2015-01-10 00:19 - 00000000 _____ () C:\WINDOWS\setupact.log
2015-01-10 00:07 - 2015-01-10 00:07 - 23191552 _____ () C:\WINDOWS\system32\config\software.iobit
2015-01-10 00:07 - 2015-01-10 00:07 - 00237568 _____ () C:\WINDOWS\system32\config\default.iobit
2015-01-10 00:07 - 2015-01-10 00:07 - 00049152 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-01-10 00:07 - 2015-01-10 00:07 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-01-09 23:52 - 2015-01-09 23:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
2015-01-09 23:52 - 2015-01-09 23:52 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\ProductData
2015-01-09 23:51 - 2015-01-09 23:51 - 00000881 _____ () C:\Documents and Settings\All Users\Desktop\IObit Uninstaller.lnk
2015-01-09 23:50 - 2015-01-11 21:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2015-01-09 23:50 - 2015-01-11 21:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2015-01-09 23:50 - 2015-01-11 21:42 - 00000000 ____D () C:\Program Files\IObit
2015-01-09 23:50 - 2015-01-09 23:53 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\IObit
2015-01-09 23:50 - 2015-01-09 23:50 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-01-09 23:50 - 2015-01-09 23:50 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-01-09 23:50 - 2015-01-09 23:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-09 23:38 - 2015-01-09 23:38 - 00001506 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.bak
2015-01-09 23:23 - 2015-01-09 23:42 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\NPE
2015-01-09 23:23 - 2015-01-09 23:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2015-01-09 23:08 - 2015-01-09 23:08 - 00179600 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe.0694.deleteme
2015-01-09 22:40 - 2015-01-09 22:40 - 00000000 ____D () C:\Quarantine
2015-01-09 22:38 - 2015-01-09 22:38 - 00179600 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe.4413.deleteme
2015-01-09 22:33 - 2015-01-09 23:24 - 00000000 ____D () C:\Program Files\stinger
2015-01-08 22:40 - 2015-01-08 22:40 - 00343784 _____ () C:\Documents and Settings\Admin\enc_files.txt
2015-01-08 22:35 - 2015-01-11 18:46 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\WinCL
2014-12-30 21:48 - 2015-01-11 18:09 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-12-28 23:15 - 2014-12-28 23:15 - 00000747 _____ () C:\Documents and Settings\All Users\Desktop\AVI MP4 Converter.lnk
2014-12-28 23:15 - 2014-12-28 23:15 - 00000000 ____D () C:\Program Files\AVI MP4 Converter 5
2014-12-28 23:15 - 2014-12-28 23:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVI MP4 Converter
2014-12-28 23:14 - 2014-12-28 23:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\1803528019
2014-12-28 23:13 - 2014-12-28 23:13 - 00000000 __SHD () C:\Documents and Settings\Admin\PrivacIE
2014-12-28 23:02 - 2014-12-28 23:02 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\convertaudiofree
2014-12-28 23:01 - 2014-12-28 23:01 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\Opera Software
2014-12-28 23:01 - 2014-12-28 23:01 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Opera Software
2014-12-28 22:59 - 2014-12-28 23:13 - 00000000 ____D () C:\Program Files\Opera
2014-12-26 20:35 - 2014-12-26 20:35 - 00000000 _____ () C:\Documents and Settings\Admin\Desktop\New Text Document.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 21:36 - 2014-08-19 07:08 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Temp
2015-01-15 21:33 - 2014-08-19 07:02 - 01557721 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-15 21:30 - 2014-08-19 06:57 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\Spotify
2015-01-15 21:30 - 2014-08-19 06:56 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Spotify
2015-01-15 21:15 - 2014-08-19 08:53 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 21:15 - 2014-08-18 22:42 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-15 21:14 - 2014-08-19 08:53 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 16:57 - 2014-08-19 01:56 - 00509828 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-15 16:52 - 2014-08-19 07:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-15 01:07 - 2014-08-19 07:08 - 00015920 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-15 01:07 - 2014-08-19 07:08 - 00000178 ___SH () C:\Documents and Settings\Admin\ntuser.ini
2015-01-15 00:58 - 2014-08-19 01:52 - 00000211 _____ () C:\boot.ini
2015-01-15 00:58 - 2014-08-18 22:44 - 00000491 _____ () C:\WINDOWS\win.ini
2015-01-15 00:58 - 2014-08-18 22:44 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-14 23:57 - 2014-08-18 22:44 - 00002184 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-14 20:47 - 2014-08-19 09:14 - 00046776 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-14 20:16 - 2014-08-18 22:43 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt.exe
2015-01-11 22:06 - 2014-08-19 01:53 - 01541200 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-10 00:19 - 2014-08-19 06:48 - 00012834 _____ () C:\WINDOWS\system32\TZLog.log
2015-01-10 00:17 - 2014-08-19 09:18 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\BitTorrent
2015-01-10 00:07 - 2014-08-19 07:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-10 00:07 - 2014-08-19 07:07 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-09 23:51 - 2014-09-06 09:52 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Apple Computer
2015-01-09 23:51 - 2014-08-19 07:08 - 00000000 ____D () C:\Documents and Settings\Admin
2015-01-08 22:40 - 2014-12-09 20:28 - 81172205 _____ () C:\Documents and Settings\Admin\Desktop\Fredag den 13e Kladd.rar
2015-01-08 22:40 - 2014-12-09 20:28 - 80122265 _____ () C:\Documents and Settings\Admin\Desktop\Lack of Loud Mix 2.rar
2015-01-08 22:40 - 2014-12-09 20:28 - 20538259 _____ () C:\Documents and Settings\Admin\Desktop\PW Kladd.rar
2014-12-31 20:34 - 2014-08-19 07:01 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-12-29 21:42 - 2014-08-18 22:43 - 00179968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2014-12-16 01:27 - 2014-08-18 22:44 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlntsess.exe
 
Some content of TEMP:
====================
C:\Documents and Settings\Admin\Local Settings\Temp\DotNetFx20Client_Package_x86.exe
C:\Documents and Settings\Admin\Local Settings\Temp\DotNetFx30Client_Package_x86.exe
C:\Documents and Settings\Admin\Local Settings\Temp\DotNetFx35Client_Package_x86.exe
C:\Documents and Settings\Admin\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Admin\Local Settings\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


#14 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:36 PM

Posted 17 January 2015 - 03:29 PM

Hi fredXhunger,
 
We need to run a fix with FRST:

  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:​
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Extension: EngUKWrdBrk Class - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\Extensions\{363C2C69-AC9F-1F3E-E010-768FA0D1844A} [2014-12-30]
FF Extension: No Name - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\extensions\faststartff@gmail.com [Not Found]
CHR StartupUrls: Default -> "https://www.facebook.com/", "https://mail.google.com/mail/u/0/#inbox", "https://dub129.mail.live.com/default.aspx?id=64855", "hxxp://www.sweet-page.com/?type=hp&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------

Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click  Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\). .

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

--------------
 
This scan can take a long time, so it is best done overnight or when you do not need the computer
 
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • Emsisoft log
  • ESET log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#15 fredXhunger

fredXhunger
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 18 January 2015 - 05:48 AM

Hey Toffee!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-01-2015 01
Ran by Admin at 2015-01-17 23:41:42 Run:2
Running from C:\Documents and Settings\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Admin)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Extension: EngUKWrdBrk Class - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\Extensions\{363C2C69-AC9F-1F3E-E010-768FA0D1844A} [2014-12-30]
FF Extension: No Name - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\extensions\faststartff@gmail.com [Not Found]
CHR StartupUrls: Default -> "https://www.facebook.com/", "https://mail.google.com/mail/u/0/#inbox", "https://dub129.mail.live.com/default.aspx?id=64855", "hxxp://www.sweet-page.com/?type=hp&ts=1419804025&from=cor&uid=WDCXWD3200BPVT-80JJ5T0_WD-WXL1A81Y1171Y1171"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
*****************
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\Extensions\{363C2C69-AC9F-1F3E-E010-768FA0D1844A} => Moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dqumv166.default\extensions\faststartff@gmail.com => not found.
Chrome StartupUrls deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
 
==== End of Fixlog 23:41:42 ====





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users