TechSpot

Problem with Google Redirecting

By JonD6996
Dec 4, 2010
  1. Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5245

    Windows 6.0.6000
    Internet Explorer 7.0.6000.16982

    12/4/2010 6:52:27 PM
    mbam-log-2010-12-04 (18-52-19).txt

    Scan type: Quick scan
    Objects scanned: 152663
    Time elapsed: 3 minute(s), 23 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    c:\Windows\andy145.exe (Spyware.Passwords.XGen) -> 2700 -> No action taken.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xuri49tkd (Spyware.Passwords.XGen) -> Value: xuri49tkd -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\andy145.exe (Spyware.Passwords.XGen) -> No action taken.
    c:\Users\Jon\local settings\application data\10112010146103.xxe (Worm.KoobFace) -> No action taken.
    c:\Users\Jon\local settings\application data\1011201014697.xxe (Worm.KoobFace) -> No action taken.
    c:\Windows\bk23567.dat (KoobFace.Trace) -> No action taken.
    c:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> No action taken.
     
  2. crunchie

    crunchie Malware Helper Posts: 728

    Hi and welcome to TechSpot forums :).

    ====

    Please read the directions given here and when done, post the requested logs.
    Please paste the logs, do not attach them.

    ====

    Make sure that you remove items found by MBA-M. The log above says that no action was taken.
     
  3. JonD6996

    JonD6996 TS Rookie Topic Starter

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-04 20:24:45
    Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HDP725050GLA360 rev.GM4OA5BA
    Running: GMER.exe; Driver: C:\Users\Jon\AppData\Local\Temp\pwrdypow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\tdx \Device\Tcp epfwtdir.sys

    Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HDP725050GLA360_________________GM4OA5BA#5&163e592b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----
     
  4. JonD6996

    JonD6996 TS Rookie Topic Starter

    DDS (Ver_10-11-27.01) - NTFSx86
    Run by Jon at 19:54:47.00 on Sat 12/04/2010
    Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_17
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3316.2144 [GMT -6:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
    SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\ZoneLabs\vsmon.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    C:\Windows\system32\NLSSRV32.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Jon\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = 174.37.172.128:1080
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
    mRun: [<NO NAME>]
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - c:\program files\no more cookies\No More Cookies.exe
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
    DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll, c:\progra~1\kasper~1\kasper~1.0\adialhk.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\jon\appdata\roaming\mozilla\firefox\profiles\pgdwssj7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/gmail
    FF - component: c:\users\jon\appdata\roaming\mozilla\firefox\profiles\pgdwssj7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\users\jon\appdata\roaming\mozilla\firefox\profiles\pgdwssj7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\jon\appdata\roaming\mozilla\firefox\profiles\pgdwssj7.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Autofill Forms: autofillForms@blueimp.net - c:\users\jon\appdata\roaming\mozilla\firefox\profiles\pgdwssj7.default\extensions\autofillForms@blueimp.net
    FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\users\jon\appdata\roaming\mozilla\firefox\profiles\pgdwssj7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\users\jon\appdata\roaming\mozilla\firefox\profiles\pgdwssj7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Extension: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\users\jon\appdata\roaming\mozilla\firefox\profiles\pgdwssj7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============

    R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2010-11-14 79052]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-6 28552]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-13 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-13 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-4 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-4 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-4 60936]
    R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
    R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-6-24 91456]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-12-16 188736]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-21 136176]
    S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-11-2 9216]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-11-2 22016]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-13 12872]

    =============== Created Last 30 ================

    2010-12-04 22:08:26 -------- d-----w- c:\users\jon\appdata\roaming\Avira
    2010-12-04 22:02:20 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-04 22:02:18 -------- d-----w- c:\program files\Avira
    2010-12-04 22:02:18 -------- d-----w- c:\progra~2\Avira
    2010-12-04 21:33:05 388096 ----a-r- c:\users\jon\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-12-04 21:33:04 -------- d-----w- c:\program files\Trend Micro
    2010-12-04 21:06:26 -------- d-----w- c:\users\jon\appdata\roaming\Malwarebytes
    2010-12-04 21:06:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-04 21:06:13 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-04 21:06:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-04 21:06:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-01 19:23:54 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{529e7e16-7ae6-4abd-8954-7c38645022b6}\mpengine.dll
    2010-12-01 19:03:28 -------- d--h--w- c:\progra~2\CanonIJMyPrinter
    2010-12-01 06:40:01 -------- d--h--w- c:\progra~2\CanonIJSolutionMenu
    2010-12-01 06:39:47 -------- d-----w- c:\progra~2\CanonIJPLM
    2010-11-30 21:22:59 -------- d-----w- c:\program files\common files\CANON
    2010-11-30 21:19:27 -------- d-----w- c:\program files\Canon
    2010-11-30 20:18:57 -------- d-----w- c:\users\jon\appdata\local\ElevatedDiagnostics
    2010-11-30 19:56:11 -------- d-----w- c:\program files\Microsoft ATS
    2010-11-30 03:28:26 -------- d-----w- c:\program files\DriverFinder
    2010-11-30 03:26:54 -------- d-----w- c:\users\jon\appdata\roaming\DriverFinder
    2010-11-30 03:26:29 70656 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP9W.DLL
    2010-11-30 03:26:29 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD9W.DLL
    2010-11-30 03:24:43 272384 ----a-w- c:\windows\system32\CNMLM9W.DLL
    2010-11-30 03:22:11 303104 ----a-w- c:\windows\system32\CNC250L.dll
    2010-11-30 03:22:10 15872 ----a-w- c:\windows\system32\CNHMCA.dll
    2010-11-30 03:22:10 1310720 ----a-w- c:\windows\system32\CNC250C.dll
    2010-11-30 03:22:10 110592 ----a-w- c:\windows\system32\CNC250I.dll
    2010-11-30 03:22:10 106496 ----a-w- c:\windows\system32\CNC250U.dll
    2010-11-15 19:04:31 -------- d-----w- c:\program files\InstantLeadMagnet
    2010-11-14 23:24:26 80 --sh--r- c:\windows\system32\DB04031F44.dll
    2010-11-14 23:24:26 -------- d-----w- c:\progra~2\Protexis
    2010-11-14 23:21:04 79052 ----a-w- c:\windows\system32\drivers\AFS.SYS
    2010-11-14 23:21:01 57344 ----a-w- c:\program files\internet explorer\plugins\NPEvery.dll
    2010-11-14 23:21:01 233472 ----a-w- c:\program files\internet explorer\plugins\NPExpFTP.dll
    2010-11-14 23:21:01 155648 ----a-w- c:\program files\internet explorer\plugins\broderbund\PretzlDn.dll
    2010-11-14 23:20:58 -------- d-----w- c:\progra~2\Broderbund Software
    2010-11-14 23:20:15 -------- d-----w- c:\program files\Web Publish
    2010-11-14 23:20:13 970752 ----a-w- c:\windows\system32\cdintf210.dll
    2010-11-14 23:18:58 -------- d-----w- c:\program files\The Print Shop 21
    2010-11-12 21:37:40 -------- d-----r- c:\program files\Skype
    2010-11-12 18:43:21 -------- d-----w- c:\users\jon\{105a42a6-663c-4719-a852-e274a8dd3a7f}
    2010-11-12 18:27:46 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2010-11-12 18:27:46 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
    2010-11-12 18:27:46 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
    2010-11-12 18:27:45 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
    2010-11-12 18:27:45 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
    2010-11-12 18:27:45 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
    2010-11-12 18:27:45 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
    2010-11-12 18:27:45 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
    2010-11-12 17:41:06 -------- d-----w- c:\users\jon\appdata\roaming\ubot
    2010-11-12 17:40:58 -------- d-----w- c:\users\jon\appdata\local\Xenocode
    2010-11-09 18:55:35 -------- d-----w- c:\users\jon\appdata\local\AIM
    2010-11-09 18:55:35 -------- d-----w- c:\progra~2\AIM
    2010-11-09 18:55:25 -------- d-----w- c:\program files\AIM
    2010-11-09 18:55:24 -------- d-----w- c:\program files\common files\Software Update Utility

    ==================== Find3M ====================

    2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-30 11:18:24 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6000 Disk: Hitachi_HDP725050GLA360 rev.GM4OA5BA -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86953555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x869597b0]; MOV EAX, [0x8695982c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82427F3B] -> \Device\Harddisk0\DR0[0x85A9D830]
    3 nt[0x824B07E2] -> ntkrnlpa!IofCallDriver[0x82427F3B] -> [0x84B44928]
    5 acpi[0x8046932A] -> ntkrnlpa!IofCallDriver[0x82427F3B] -> [0x85959BB0]
    \Driver\atapi[0x865B0118] -> IRP_MJ_CREATE -> 0x86953555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HDP725050GLA360_________________GM4OA5BA#5&163e592b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 19:55:29.79 ===============
     
  5. JonD6996

    JonD6996 TS Rookie Topic Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-27.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 5/7/2008 9:12:08 PM
    System Uptime: 12/4/2010 7:46:00 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0FM586
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 456 GiB total, 276.891 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.787 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================


    7-Zip 4.65
    AC-3 ACM Decompressor
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.3.2 - CPSID_53951
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Reader 8.1.0
    AI RoboForm (All Users)
    AIM 7
    AnyDVD
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    Camtasia Studio 6
    Canon Easy-WebPrint EX
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 3.0
    Canon MP250 series MP Drivers
    Canon MP250 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CLHARVester
    Compatibility Pack for the 2007 Office system
    Core FTP LE 2.1
    Craigslist Ad Responder
    Dell DataSafe Online
    Dell Getting Started Guide
    Dell Support Center
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    DMR
    Download Updater (AOL LLC)
    DriverFinder
    EasyGmail Creator Suite
    Email Address Collector
    ESET NOD32 Antivirus
    Free Music Zilla
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist 8.0.0.514
    GYC Automator Beta
    Half-Life 2
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hoyle Games Demo
    InstantLeadMagnet v1.15
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections 12.1.11.0
    iPhone Configuration Utility
    iTunes
    Java(TM) 6 Update 17
    Java(TM) SE Runtime Environment 6
    KillProcess 2.44
    Logitech Audio Echo Cancellation Component
    Logitech QuickCam
    Logitech Video Enumerator
    Logitech® Camera Driver
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office XP Professional with FrontPage
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works
    MobileMe Control Panel
    MotoConnect 1.1.31
    Motorola Mobile Drivers Installation 4.7.1
    Mozilla Firefox (3.6.12)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music, Photos & Videos Launcher
    MVision
    Nitro PDF Professional
    No More Cookies 1.3
    NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
    Panda ActiveScan 2.0
    Portal
    Product Documentation Launcher
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Skype Toolbars
    Skype™ 5.0
    SmartFTP Client
    SmartFTP Client 3.0 Setup Files (remove only)
    Spybot - Search & Destroy
    Star Trek Online
    Steam
    SUPERAntiSpyware Free Edition
    Switch Sound File Converter
    Team Fortress 2
    TextPad 5
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    User's Guides
    Viewpoint Media Player
    VLC media player 0.9.9
    Windows Media Player Firefox Plugin
    Yahoo! Messenger
    YmailerXX
    ZoneAlarm

    ==== End Of File ===========================
     
  6. JonD6996

    JonD6996 TS Rookie Topic Starter


    Thanks for pointing that out. I didn't realize I had neglected to delete those items.
     
  7. crunchie

    crunchie Malware Helper Posts: 728

    You will need to run it again. Update it first, though.

    ==

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  8. crunchie

    crunchie Malware Helper Posts: 728

    You need to uninstall the AntiVir anti-virus software as there will be problems running more than one program concurrently.
     
  9. JonD6996

    JonD6996 TS Rookie Topic Starter

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5245

    Windows 6.0.6000
    Internet Explorer 7.0.6000.16982

    12/4/2010 11:46:31 PM
    mbam-log-2010-12-04 (23-46-31).txt

    Scan type: Quick scan
    Objects scanned: 152945
    Time elapsed: 3 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  10. JonD6996

    JonD6996 TS Rookie Topic Starter

    Done
     
  11. crunchie

    crunchie Malware Helper Posts: 728

    ComboFix?
     
  12. JonD6996

    JonD6996 TS Rookie Topic Starter

    I'm having trouble with ComboFix. Every time I try to run it my machine crashes (Blue Screen), including in Safe Mode. This happens just a few seconds after I double click ComboFix to open it.
     
  13. crunchie

    crunchie Malware Helper Posts: 728

    Ok, try this:

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
     
  14. JonD6996

    JonD6996 TS Rookie Topic Starter

    2010/12/05 00:59:46.0021 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
    2010/12/05 00:59:46.0021 ================================================================================
    2010/12/05 00:59:46.0021 SystemInfo:
    2010/12/05 00:59:46.0021
    2010/12/05 00:59:46.0021 OS Version: 6.0.6000 ServicePack: 0.0
    2010/12/05 00:59:46.0021 Product type: Workstation
    2010/12/05 00:59:46.0021 ComputerName: JON-PC
    2010/12/05 00:59:46.0021 UserName: Jon
    2010/12/05 00:59:46.0021 Windows directory: C:\Windows
    2010/12/05 00:59:46.0021 System windows directory: C:\Windows
    2010/12/05 00:59:46.0021 Processor architecture: Intel x86
    2010/12/05 00:59:46.0021 Number of processors: 4
    2010/12/05 00:59:46.0021 Page size: 0x1000
    2010/12/05 00:59:46.0021 Boot type: Normal boot
    2010/12/05 00:59:46.0021 ================================================================================
    2010/12/05 00:59:46.0260 Initialize success
    2010/12/05 00:59:53.0831 ================================================================================
    2010/12/05 00:59:53.0831 Scan started
    2010/12/05 00:59:53.0831 Mode: Manual;
    2010/12/05 00:59:53.0831 ================================================================================
    2010/12/05 01:00:05.0505 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/12/05 01:00:05.0508 ================================================================================
    2010/12/05 01:00:05.0508 Scan finished
    2010/12/05 01:00:05.0508 ================================================================================
    2010/12/05 01:00:05.0517 Detected object count: 1
    2010/12/05 01:00:15.0471 \HardDisk0 - will be cured after reboot
    2010/12/05 01:00:15.0472 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
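
A TDSSKiller report in the layout posted above can be checked mechanically for detections that still need a reboot or were left uncured. The following Python parser is an added example, not part of the thread and not TDSSKiller's own code; its regular expressions are inferred from the lines in this post, and the `Skip` sample and the names `ExampleDrv`, `ExampleSvc` and `Suspicious.Example` are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Every report line starts with "YYYY/MM/DD HH:MM:SS.mmmm"; the message is optional.
LINE_RE = re.compile(r"^\s*\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}(?: (.*))?$")
# Scanned driver: "<service> (<md5>) <path>"
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# Detection: "<object> - detected <threat> (<n>)"
DETECTED_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
REBOOT_RE = re.compile(r"^(.+?) - will be cured after reboot$")
# Chosen action: "<threat>(<object>) - User select action: <action>"
ACTION_RE = re.compile(r"^([^\s(]+)\((.+)\) - User select action: (\w+)$")


@dataclass
class Report:
    drivers: int = 0
    detections: Dict[str, str] = field(default_factory=dict)  # object -> threat
    actions: Dict[str, str] = field(default_factory=dict)     # object -> action
    reboot_pending: Set[str] = field(default_factory=set)
    reported_count: Optional[int] = None


def parse_report(text: str) -> Report:
    """Parse pasted TDSSKiller report text; unrecognised lines are ignored."""
    rep = Report()
    for raw in text.splitlines():
        line = LINE_RE.match(raw)
        if not line or not line.group(1):
            continue
        msg = line.group(1).strip()
        m = ACTION_RE.match(msg)
        if m:
            rep.actions[m.group(2)] = m.group(3)
            continue
        m = DETECTED_RE.match(msg)
        if m:
            rep.detections[m.group(1)] = m.group(2)
            continue
        m = REBOOT_RE.match(msg)
        if m:
            rep.reboot_pending.add(m.group(1))
            continue
        m = COUNT_RE.match(msg)
        if m:
            rep.reported_count = int(m.group(1))
            continue
        if DRIVER_RE.match(msg):
            rep.drivers += 1
    return rep


def triage(rep: Report) -> List[str]:
    """List what a helper still has to follow up on after reading the report."""
    findings = []
    # A count that disagrees with the parsed detections suggests a truncated paste.
    if rep.reported_count is not None and rep.reported_count != len(rep.detections):
        findings.append(
            f"count-mismatch: log reports {rep.reported_count}, "
            f"parsed {len(rep.detections)}"
        )
    for obj, threat in rep.detections.items():
        action = rep.actions.get(obj)
        if action is None:
            findings.append(f"no-action: {obj} ({threat})")
        elif action != "Cure":
            findings.append(f"not-cured: {obj} ({threat}) action={action}")
        elif obj in rep.reboot_pending:
            findings.append(f"reboot-required: {obj} ({threat})")
    return findings


# Detection, count and action lines as posted above; the driver line is a
# constructed placeholder (service name, hash and path are not from the log).
SAMPLE_LOG = r"""
2010/12/05 00:59:53.0831 Scan started
2010/12/05 00:59:54.0537 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\drivers\example.sys
2010/12/05 01:00:05.0505 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/05 01:00:05.0517 Detected object count: 1
2010/12/05 01:00:15.0471 \HardDisk0 - will be cured after reboot
2010/12/05 01:00:15.0472 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Fully constructed sample: a skipped object in a paste that lost one detection line.
SKIPPED_LOG = r"""
2010/12/05 01:00:05.0505 ExampleSvc - detected Suspicious.Example (1)
2010/12/05 01:00:05.0517 Detected object count: 2
2010/12/05 01:00:15.0472 Suspicious.Example(ExampleSvc) - User select action: Skip
"""

if __name__ == "__main__":
    for name, log in (("posted", SAMPLE_LOG), ("constructed", SKIPPED_LOG)):
        print(name, triage(parse_report(log)))
```
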
     
  15. crunchie

    crunchie Malware Helper Posts: 728

    Can you run Combofix now? If not, try the following to run it:

    Make certain that Combofix is on the Desktop first!


    • Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.




    • Click OK and this will start ComboFix.
    • When finished, it will produce a log. Please save that log to a Notepad File and include it in your next reply.
    Note:
    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    * Re-enable all the programs that were disabled prior to the running of ComboFix.

    * Post the following logs/Reports:
    • ComboFix.txt
    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  16. JonD6996

    JonD6996 TS Rookie Topic Starter

    ComboFix 10-12-04.01 - Jon 12/05/2010 1:33.1.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3316.2087 [GMT -6:00]
    Running from: c:\users\Jon\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Jon\AppData\Roaming\ubot
    c:\users\Jon\g2mdlhlpx.exe
    c:\windows\system32\DB04031F44.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
    .

    2010-12-05 07:20 . 2010-12-05 07:30 -------- d-----w- C:\32788R22FWJFW
    2010-12-04 21:33 . 2010-12-04 21:33 388096 ----a-r- c:\users\Jon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-04 21:33 . 2010-12-04 21:33 -------- d-----w- c:\program files\Trend Micro
    2010-12-04 21:06 . 2010-12-04 21:06 -------- d-----w- c:\users\Jon\AppData\Roaming\Malwarebytes
    2010-12-04 21:06 . 2010-12-04 21:06 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-01 19:23 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{529E7E16-7AE6-4ABD-8954-7C38645022B6}\mpengine.dll
    2010-12-01 19:03 . 2010-12-01 19:03 -------- d--h--w- c:\programdata\CanonIJMyPrinter
    2010-12-01 06:40 . 2010-12-01 06:40 -------- d--h--w- c:\programdata\CanonIJSolutionMenu
    2010-12-01 06:39 . 2010-12-04 20:36 -------- d-----w- c:\programdata\CanonIJPLM
    2010-11-30 21:22 . 2010-11-30 21:22 -------- d-----w- c:\program files\Common Files\CANON
    2010-11-30 21:19 . 2010-12-01 06:39 -------- d-----w- c:\program files\Canon
    2010-11-30 20:18 . 2010-11-30 20:18 -------- d-----w- c:\users\Jon\AppData\Local\ElevatedDiagnostics
    2010-11-30 19:56 . 2010-11-30 20:00 -------- d-----w- c:\program files\Microsoft ATS
    2010-11-30 03:27 . 2010-11-30 03:27 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2010-11-30 03:26 . 2010-11-30 03:30 -------- d-----w- c:\users\Jon\AppData\Roaming\DriverFinder
    2010-11-30 03:26 . 2010-11-30 03:26 -------- d--h--w- c:\programdata\CanonBJ
    2010-11-30 03:26 . 2010-04-24 11:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9W.DLL
    2010-11-30 03:26 . 2010-04-24 11:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9W.DLL
    2010-11-30 03:24 . 2010-04-24 11:00 272384 ----a-w- c:\windows\system32\CNMLM9W.DLL
    2010-11-30 03:22 . 2009-03-11 17:34 303104 ----a-w- c:\windows\system32\CNC250L.dll
    2010-11-30 03:22 . 2009-04-03 22:00 1310720 ----a-w- c:\windows\system32\CNC250C.dll
    2010-11-30 03:22 . 2009-04-03 21:59 110592 ----a-w- c:\windows\system32\CNC250I.dll
    2010-11-30 03:22 . 2009-04-03 21:57 106496 ----a-w- c:\windows\system32\CNC250U.dll
    2010-11-30 03:22 . 2008-08-26 00:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
    2010-11-15 19:04 . 2010-11-17 03:41 -------- d-----w- c:\program files\InstantLeadMagnet
    2010-11-15 19:03 . 2010-11-15 19:03 -------- d-----w- c:\program files\7-Zip
    2010-11-15 12:54 . 2010-11-15 12:54 2790864 ----a-w- c:\users\Public\install_flash_player.exe
    2010-11-15 04:12 . 2010-11-15 04:12 -------- d-----w- c:\users\Angelia\AppData\Local\Broderbund Software
    2010-11-14 23:24 . 2010-11-16 17:37 -------- d-----w- c:\programdata\Protexis
    2010-11-14 23:21 . 2010-11-14 23:21 79052 ----a-w- c:\windows\system32\drivers\AFS.SYS
    2010-11-14 23:21 . 2003-06-25 16:18 155648 ----a-w- c:\program files\Internet Explorer\Plugins\Broderbund\PretzlDn.dll
    2010-11-14 23:21 . 2003-06-25 16:18 57344 ----a-w- c:\program files\Internet Explorer\Plugins\NPEvery.dll
    2010-11-14 23:21 . 2002-06-14 18:06 233472 ----a-w- c:\program files\Internet Explorer\Plugins\NPExpFTP.dll
    2010-11-14 23:20 . 2010-11-14 23:20 -------- d-----w- c:\programdata\Broderbund Software
    2010-11-14 23:20 . 2010-11-15 18:23 -------- d-----w- c:\program files\Web Publish
    2010-11-14 23:20 . 2003-07-08 17:45 970752 ----a-w- c:\windows\system32\cdintf210.dll
    2010-11-14 23:18 . 2010-11-30 19:35 -------- d-----w- c:\program files\The Print Shop 21
    2010-11-12 21:38 . 2010-11-22 22:04 -------- d-----w- c:\users\Angelia\AppData\Roaming\skypePM
    2010-11-12 21:38 . 2010-11-13 02:01 -------- d-----w- c:\users\Jon\AppData\Roaming\Skype
    2010-11-12 21:37 . 2010-11-12 21:37 -------- d-----w- c:\program files\Common Files\Skype
    2010-11-12 21:37 . 2010-12-05 07:11 -------- d-----r- c:\program files\Skype
    2010-11-12 21:37 . 2010-11-28 16:34 -------- d-----w- c:\users\Angelia\AppData\Roaming\Skype
    2010-11-12 21:37 . 2010-11-12 21:37 -------- d-----w- c:\programdata\Skype
    2010-11-12 18:43 . 2010-11-12 18:43 -------- d-----w- c:\users\Jon\{105a42a6-663c-4719-a852-e274a8dd3a7f}
    2010-11-12 18:27 . 2003-11-11 00:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
    2010-11-12 18:27 . 2003-11-11 00:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
    2010-11-12 18:27 . 2003-11-11 00:10 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2010-11-12 18:27 . 2010-11-12 18:27 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
    2010-11-12 18:27 . 2010-11-12 18:27 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
    2010-11-12 18:27 . 2003-11-11 00:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
    2010-11-12 18:27 . 2003-11-11 00:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
    2010-11-12 18:27 . 2003-11-11 00:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
    2010-11-12 18:27 . 2010-11-12 18:27 -------- d-----w- c:\programdata\Logitech
    2010-11-12 18:25 . 2010-11-12 18:27 -------- d-----w- c:\program files\Logitech
    2010-11-12 17:40 . 2010-11-12 17:40 -------- d-----w- c:\users\Jon\AppData\Local\Xenocode
    2010-11-09 18:55 . 2010-11-16 18:47 -------- d-----w- c:\users\Jon\AppData\Local\AIM
    2010-11-09 18:55 . 2010-11-09 18:55 -------- d-----w- c:\users\Angelia\AppData\Local\AIM
    2010-11-09 18:55 . 2010-11-09 18:55 -------- d-----w- c:\programdata\AIM
    2010-11-09 18:55 . 2010-11-09 18:55 -------- d-----w- c:\program files\AIM

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 16:41 . 2009-10-02 16:47 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-30 21:25 . 2010-09-30 21:25 30376 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
    2010-09-30 11:18 . 2010-09-30 11:18 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
    2010-09-14 13:16 . 2010-09-14 13:16 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 959976]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-12-05 17:08 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-05-08 02:29 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Free Music Zilla.lnk]
    path=c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Free Music Zilla.lnk
    backup=c:\windows\pss\Free Music Zilla.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2010-04-03 21:44 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2010-04-04 03:32 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 16:17 952768 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2007-05-11 07:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
    2010-10-12 23:11 4258136 ----a-w- c:\program files\AIM\aim.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    2010-10-02 20:20 4537280 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-10-19 02:12 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2009-09-04 01:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
    2008-07-22 16:45 50520 ----a-w- c:\users\Jon\AppData\Roaming\mjusbsp\cdloader2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2008-03-11 16:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
    2008-02-20 16:06 1443072 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-10-29 02:21 141600 ----a-w- c:\program files\itunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    2007-02-08 07:12 488984 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2007-02-08 07:13 774168 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2008-11-06 03:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
    2010-03-28 01:47 16184 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2010-10-11 22:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2008-07-23 20:54 1271032 ----a-w- c:\program files\Steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-17 20:59 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-12-04 19:21 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-05-08 02:23 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-08-21 14:00 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    2006-11-02 12:34 2159104 ----a-w- c:\windows\System32\oobefldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4218118254-907953296-3052221464-1000]
    "EnableNotificationsRef"=dword:00000002

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 136176]
    R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-11-02 9216]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2006-11-02 22016]
    S0 AFS;AFS; [x]
    S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
    S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
    S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
    S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-12-16 188736]
    S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 13:46]

    2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 13:46]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = 174.37.172.128:1080
    IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {{334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - c:\program files\No More Cookies\No More Cookies.exe
    DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    FF - ProfilePath - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\pgdwssj7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/gmail
    FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Autofill Forms: autofillForms@blueimp.net - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\pgdwssj7.default\extensions\autofillForms@blueimp.net
    FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\pgdwssj7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
    MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    MSConfigStartUp-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe
    MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    MSConfigStartUp-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
    MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
    MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
    MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    MSConfigStartUp-SmileboxTray - c:\users\Angelia\AppData\Roaming\Smilebox\SmileboxTray.exe
    MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
    MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{475aafd1-557c-4618-b1e6-32addb7e7cb4}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:07020054
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{4b1dc09a-60cf-44f2-8b0e-46857c8b4553}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:0c001d09
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:07001422
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a0d9f07d-68e9-4340-9ac8-aff50b7bebb6}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:0c001372
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:06001422
    "Dhcpv6State"=dword:00000000
    .
    Completion time: 2010-12-05 01:40:16
    ComboFix-quarantined-files.txt 2010-12-05 07:40

    Pre-Run: 296,583,180,288 bytes free
    Post-Run: 298,342,809,600 bytes free

    - - End Of File - - E4B1F10ECA22433D385E82A363995950
     
  17. crunchie

    crunchie Malware Helper Posts: 728

    How are things now?
     
  18. JonD6996

    JonD6996 TS Rookie Topic Starter

    As of now everything seems to be running as it should.

    Thank you so much for your help.
     
  19. crunchie

    crunchie Malware Helper Posts: 728

    No worries. Just do a quick online scan to see if anything else shows.

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

     
  20. JonD6996

    JonD6996 TS Rookie Topic Starter

    I could not get the ESET to run. The window just sat on my desktop for a couple hours with no progress after launching it. I did run the Trend Micro Housecall but it did not produce a log I could post here. It just said "No Threat Found". I do have ESET NOD32 installed on my computer and will post the log it produces once it completes a scan.
     
  21. crunchie

    crunchie Malware Helper Posts: 728

    No worries. Post up when ready.
     
  22. JonD6996

    JonD6996 TS Rookie Topic Starter

    Scan Log
    Version of virus signature database: 5675 (20101205)
    Date: 12/5/2010 Time: 2:06:05 PM
    Scanned disks, folders and files: C:\;D:\
    C:\hiberfil.sys - error opening [4]
    C:\pagefile.sys - error opening [4]
    C:\Windows:nlsPreferences - error opening [4]
    C:\Boot\BCD - error opening [4]
    C:\Boot\BCD.LOG - error opening [4]
    C:\Drivers\video\R167384\LANG\HDMI\esp\license.txt » MIME - is OK (internal scanning not performed)
    C:\Drivers\video\R167384\LANG\HDMI\ita\license.txt » MIME - is OK (internal scanning not performed)
    C:\Drivers\video\R167384\LANG\HDMI\ptb\license.txt » MIME - is OK (internal scanning not performed)
    C:\Drivers\video\R167384\LANG\HDMI\ptg\license.txt » MIME - is OK (internal scanning not performed)
    C:\i386\COMPDATA\MSMQCOMP.TXT » MIME - is OK (internal scanning not performed)
    C:\i386\LANG\PHHLP.HL_ » CAB » phhlp.hlp - archive damaged - the file could not be extracted.
    C:\Program Files\7-Zip\Uninstall.exe » NSIS - incorrect CRC checksum, the file may be damaged
    C:\Program Files\AIM\uninst.exe » NSIS - bad archive
    C:\Program Files\Common Files\AOL\AOLDiag\tbunins.exe » NSIS - bad archive
    C:\Program Files\Common Files\AOL\Loader\alunins.exe » NSIS - bad archive
    C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.oem.b104\core3.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
    C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.oem.b104\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
    C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.oem.b104\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
    C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.oem.b104\core3.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
    C:\Program Files\Common Files\logishrd\QCDRV\BIN\ESP\license.txt » MIME - is OK (internal scanning not performed)
    C:\Program Files\Common Files\logishrd\QCDRV\BIN\PTB\license.txt » MIME - is OK (internal scanning not performed)
    C:\Program Files\InstantLeadMagnet\bpcateg.gdb » MIME - is OK (internal scanning not performed)
    C:\Program Files\InstantLeadMagnet\clcateg.gdb » MIME - is OK (internal scanning not performed)
    C:\Program Files\Java\jre1.6.0\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
    C:\Program Files\Java\jre1.6.0\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
    C:\Program Files\Java\jre1.6.0\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
    C:\Program Files\Java\jre1.6.0\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
    C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
    C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
    C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
    C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
    C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
    C:\Program Files\LimeWire\lib\LimeWire.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
    C:\Program Files\LimeWire\lib\LimeWire.jar » ZIP » xulrunner-win32.zip » ZIP » xulrunner/chrome/comm.manifest » MIME - is OK (internal scanning not performed)
    C:\Program Files\LimeWire\lib\LimeWire.jar » ZIP » xulrunner-win32.zip » ZIP » xulrunner/chrome/pippki.manifest » MIME - is OK (internal scanning not performed)
    C:\Program Files\LimeWire\lib\LimeWire.jar » ZIP » xulrunner-win32.zip » ZIP » xulrunner/chrome/toolkit.manifest » MIME - is OK (internal scanning not performed)
    C:\Program Files\LimeWire\lib\LimeWire.jar » ZIP » xulrunner-win32.zip » ZIP » xulrunner/chrome/limewire.manifest » MIME - is OK (internal scanning not performed)
    C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\ESP\license.txt » MIME - is OK (internal scanning not performed)
    C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\PTB\license.txt » MIME - is OK (internal scanning not performed)
    C:\Program Files\Microsoft Office\OFFICE11\1033\VIDEO.MHT » MIME - is OK (internal scanning not performed)
    C:\Program Files\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
    C:\Program Files\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
    C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe » NSIS - bad archive
    C:\Program Files\Steam\SteamApps\jond6996\team fortress 2\tf\cache\cp_smbcastle2.bsp.bz20000 » BZ2 » cp_smbcastle2.bsp.bz20000 - bad archive
    C:\Program Files\Steam\SteamApps\jond6996\team fortress 2\tf\cache\surf_machine_remix_v5.bsp.bz20000 » BZ2 » surf_machine_remix_v5.bsp.bz20000 - bad archive
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4506.2.4\AIMinst.exe » NSIS - bad archive
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4506.2.4\AIMLang.exe » NSIS - bad archive
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4506.2.4\tbsetup.exe » NSIS - bad archive
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c75002f3a2a11b464ff780b12923820e_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c88be22c1ff839eb4719aa67085a3bdf_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ca0843bcdda4470e495b3fcfd91823dd_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cada5ad018177de5f548733a7e3fa2d8_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cf5c7806bfe97c081942da680e378278_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d246878be80d73696b72e1c0ce563738_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d7a075ab4539437d2843ce8fe6df8aea_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d9ab8b66f6a5390fe6f2d3f4f46dbedb_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e71e6b193fa552d0a61e1bf87295081d_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f1a152155b67dd92f9bae8d1a04eb1af_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f25896945e8a8c140e5d27162d496fe8_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\faa5ea375912252cea3269d7358d9697_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fd4589cf37fa76c3b7b1d4e283440d51_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ffa3406ab49182d7f71d95273cc110fd_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening [4]
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
    C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\chrome.manifest » MIME - is OK (internal scanning not performed)
    C:\Temp\HP_WebRelease\setup\redisco\test.txt » MIME - is OK (internal scanning not performed)
    C:\Users\All Users\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4506.2.4\AIMinst.exe » NSIS - bad archive
    C:\Users\All Users\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4506.2.4\AIMLang.exe » NSIS - bad archive
    C:\Users\All Users\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4506.2.4\tbsetup.exe » NSIS - bad archive
    C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
    C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening [4]
    C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
    C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
    C:\Users\All Users\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\chrome.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Angelia\AppData\Local\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Angelia\AppData\Local\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Angelia\AppData\Roaming\Mozilla\Firefox\Profiles\a7sue9v6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\ntuser.dat - error opening [4]
    C:\Users\Jon\ntuser.dat.LOG1 - error opening [4]
    C:\Users\Jon\ntuser.dat.LOG2 - error opening [4]
    C:\Users\Jon\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening [4]
    C:\Users\Jon\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening [4]
    C:\Users\Jon\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening [4]
    C:\Users\Jon\AppData\Local\Microsoft\Windows Mail\Local Folders\Drafts\4F13487A-00000001.eml » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\73F7483A-00000001.eml » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\AppData\LocalLow\Arc5175.tmp\InstallBAM.exe » NSIS » setup.exe » WISE » ReportAgentInstaller.exe » NSIS - bad archive
    C:\Users\Jon\AppData\Roaming\LimeWire\browser\xulrunner\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\AppData\Roaming\LimeWire\browser\xulrunner\chrome\limewire.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\AppData\Roaming\LimeWire\browser\xulrunner\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\AppData\Roaming\LimeWire\browser\xulrunner\chrome\toolkit.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\pgdwssj7.default\parent.lock - error opening [4]
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\pgdwssj7.default\extensions\autofillForms@blueimp.net\chrome.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\pgdwssj7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\pgdwssj7.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 05-26-2009 - 00-53-47.SBU » ZIP » backup.db - error - password-protected file
    C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-15-2010 - 23-07-34.SBU » ZIP » backup.db - error - password-protected file
    C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 01-26-43.SBU » ZIP » backup.db - error - password-protected file
    C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {20DB7385-99C2-4C1D-A513-100F29138E0B} - error - password-protected file
    C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {41E7AEFE-33B8-4FC0-B170-50C6818D2A88} - error - password-protected file
    C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {4EB12617-E880-44A3-AEFF-627C13A9CE64} - error - password-protected file
    C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {70A19B08-CE29-4A5D-84BB-4D8460F63EA7} - error - password-protected file
    C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {8208FDCE-7E17-4F15-87C4-2056DBC65C98} - error - password-protected file
    C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {8F8CAE21-3E4E-41E3-A9A5-41C26513AA42} - error - password-protected file
    C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {9447B105-A140-4084-852B-91519BA37883} - error - password-protected file
    C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {98F1E7E1-C837-4549-8E7C-F8ABD1CF89D9} - error - password-protected file
    C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {AE8566DF-3C2C-49EF-AF4A-3DBE12736105} - error - password-protected file
    C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {BBCFA8BA-735D-40BD-BD6C-B043E5B5EAAC} - error - password-protected file
    C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » backup.db - error - password-protected file
    C:\Users\Jon\Desktop\7z465.exe » NSIS - incorrect CRC checksum, the file may be damaged
    C:\Users\Jon\Desktop\Install Files\blank-invoice-ms-word-2003.zip - error opening [4]
    C:\Users\Jon\Desktop\Install Files\bodeezyupfacnew4567.zip » ZIP » tabctl32.ocx - error - password-protected file
    C:\Users\Jon\Desktop\Install Files\bodeezyupfacnew4567.zip » ZIP » Comdlg32.ocx - error - password-protected file
    C:\Users\Jon\Desktop\Install Files\bodeezyupfacnew4567.zip » ZIP » FacepartyCommenter 1.3.93.exe - error - password-protected file
    C:\Users\Jon\Desktop\Install Files\bodeezyupfacnew4567.zip » ZIP » MSCOMCTL.OCX - error - password-protected file
    C:\Users\Jon\Desktop\Install Files\bodeezyupfacnew4567.zip » ZIP » MSINET.OCX - error - password-protected file
    C:\Users\Jon\Desktop\Install Files\bodeezyupfacnew4567.zip » ZIP » Mswinsck.ocx - error - password-protected file
    C:\Users\Jon\Desktop\Install Files\Firefox Setup 2.0.0.14.exe » 7ZIP » nonlocalized/chrome/browser.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\Install Files\Firefox Setup 2.0.0.14.exe » 7ZIP » nonlocalized/chrome/comm.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\Install Files\Firefox Setup 2.0.0.14.exe » 7ZIP » nonlocalized/chrome/pippki.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\Install Files\Firefox Setup 2.0.0.14.exe » 7ZIP » nonlocalized/chrome/toolkit.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\Install Files\Install_AIM.exe » NSIS - bad archive
    C:\Users\Jon\Desktop\Install Files\muskcodec.FINAL.v6.0.exe » INNO » file0012.bin » NSIS - bad archive
    C:\Users\Jon\Desktop\Install Files\muskcodec.FINAL.v6.0.exe » INNO » file0039.bin » NSIS - incorrect CRC checksum, the file may be damaged
    C:\Users\Jon\Desktop\Install Files\muskcodec.FINAL.v6.0.exe » INNO » file0074.bin » NSIS - bad archive
    C:\Users\Jon\Desktop\Install Files\muskcodec.FINAL.v6.0.exe » INNO » file0078.bin » INNO » - unsupported option
    C:\Users\Jon\Desktop\Install Files\nomorecookiesinstall - Shortcut.lnk - error opening [4]
    C:\Users\Jon\Desktop\Install Files\PowerISO43.exe - error opening [4]
    C:\Users\Jon\Desktop\Install Files\setup_magicdisc.exe - error opening [4]
    C:\Users\Jon\Desktop\Install Files\Setup_MagicISO.exe - error opening [4]
    C:\Users\Jon\Desktop\Install Files\SkyRocket bodeezy666.zip » ZIP » ssa3d30.ocx - error - password-protected file
    C:\Users\Jon\Desktop\Install Files\SkyRocket bodeezy666.zip » ZIP » Comdlg32.ocx - error - password-protected file
    C:\Users\Jon\Desktop\Install Files\SkyRocket bodeezy666.zip » ZIP » MSCOMCTL.OCX - error - password-protected file
    C:\Users\Jon\Desktop\Install Files\SkyRocket bodeezy666.zip » ZIP » Mswinsck.ocx - error - password-protected file
    C:\Users\Jon\Desktop\Install Files\SkyRocket bodeezy666.zip » ZIP » RICHTX32.OCX - error - password-protected file
    C:\Users\Jon\Desktop\Install Files\spybotsd152.exe - error opening [4]
    C:\Users\Jon\Desktop\Install Files\SUPERAntiSpyware.exe - error opening [4]
    C:\Users\Jon\Desktop\Install Files\TPS21Essentials_Setup.exe - error opening [4]
    C:\Users\Jon\Desktop\Install Files\utorrent.exe - error opening [4]
    C:\Users\Jon\Desktop\Install Files\vidalia-bundle-0.1.2.19-0.0.16.exe - error opening [4]
    C:\Users\Jon\Desktop\Install Files\zaSetup_en.exe - error opening [4]
    C:\Users\Jon\Desktop\Install Files\zlsSetup_71_078_000_en.exe - error opening [4]
    C:\Users\Jon\Desktop\Install Files\Office 2003\Microsoft Office XP Publisher 2003.zip » ZIP » Publisher XP/FILES/OSP/1033/IE5/EN/IENT_S1.CAB » CAB » IENT_1.CAB » CAB » MSHTMLED.DLL - next archive volume not found
    C:\Users\Jon\Desktop\Install Files\Office 2003\Microsoft Office XP Publisher 2003.zip » ZIP » Publisher XP/FILES/OSP/1033/IE5/EN/IE_S1.CAB » CAB » IE_1.CAB » CAB » SHDOCVW.DLL - next archive volume not found
    C:\Users\Jon\Desktop\Install Files\Office 2003\Microsoft Office XP Publisher 2003.zip » ZIP » Publisher XP/OFFICE1.CAB » CAB » VIDEO.MHT » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\Install Files\Office 2003\OFFICE1.CAB » CAB » VIDEO.MHT » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\Install Files\Office 2003\FILES\OSP\1033\IE5\EN\IENT_S1.CAB » CAB » IENT_1.CAB » CAB » MSHTMLED.DLL - next archive volume not found
    C:\Users\Jon\Desktop\Install Files\Office 2003\FILES\OSP\1033\IE5\EN\IE_S1.CAB » CAB » IE_1.CAB » CAB » SHDOCVW.DLL - next archive volume not found
    C:\Users\Jon\Desktop\InstantLeadMagnet\InstantLeadMagnetSetup.exe » INNO » file0007.bin » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\InstantLeadMagnet\InstantLeadMagnetSetup.exe » INNO » file0009.bin » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » KeithJones.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » PatriciaAladin.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » JosephWolosyk.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » MaribelAcuna.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » HaroldDarbin.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » VictorMichelini.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » AngelaSingleton.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » JasmineTatum.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » CollinHarvey.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » SherriFerrell.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » NoelSanchez.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » MariaKennedy.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » EbonyAustin.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » AshleeArchibald.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » LorenaLoushin.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » DanaRickel.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » ShaniseManning.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » NicoleGrimes.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » NancyKula.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » ShavettaSheppard.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » LauraPerez.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » ClaytonDickerson.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » ElizabethMadison.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » QuintonMartinez.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » AlexEllerbe.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » EmmaGingerich.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » AnnieDonaldson.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » TonyBrinkley.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » TedBethea.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » FequalyaWright.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » EllenCouch.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » KennethGardner.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Edit and upload these/2ndratio.fdb - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Edit and upload these/ctrratio.fdb - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Edit and upload these/links.fdb - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Edit and upload these/on.fdb - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Edit and upload these/ref.fdb - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Edit and upload these/secs.fdb - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » SSDATA/SS Edit Database.exe - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » This is for you to test/SetupWizardMaster.exe - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » This is the iss output file for the users to download/InstallationWizard.exe - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Update!/alert.php - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Update!/database.sql - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Update!/readme.txt - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Update!/results.php - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Update!/results2.php - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Update!/updateemails.inc.php - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Update!/updateinfo.inc.php - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Upload These/bobby3.php - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Upload These/bobby4.php - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Upload These/rank.html - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Use these exes for your info.fdb and to make your email list a csv file/Doit.exe - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Use these exes for your info.fdb and to make your email list a csv file/NameExtractor.exe - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Use these to make the install/johnd.iss - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Use these to make the install/notepad.exe - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Use these to make the install/settings.ini - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Use these to make the install/SetupWizard.exe - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » ElementsCreator.exe - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » ElementsCreatorREadME.txt - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » readme.txt - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Gmail AC\GmailAC.zip » ZIP » Comdlg32.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Gmail AC\GmailAC.zip » ZIP » MSCOMCTL.OCX - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Gmail AC\GmailAC.zip » ZIP » MSINET.OCX - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Gmail AC\GmailAC.zip » ZIP » Mswinsck.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS
     
  23. JonD6996

    JonD6996 TS Rookie Topic Starter

    Tools\Gmail AC\GmailAC.zip » ZIP » RICHTX32.OCX - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Gmail AC\GmailAC.zip » ZIP » tabctl32.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Gmail AC\GmailAC.zip » ZIP » GmailAC.exe - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Torrent Sensation\TorrentSensation - tOdkenalen.zip » ZIP » Torrent Sensation.exe - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Torrent Sensation\TorrentSensation - tOdkenalen.zip » ZIP » Comdlg32.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Torrent Sensation\TorrentSensation - tOdkenalen.zip » ZIP » MSCOMCTL.OCX - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Torrent Sensation\TorrentSensation - tOdkenalen.zip » ZIP » MSINET.OCX - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Torrent Sensation\TorrentSensation - tOdkenalen.zip » ZIP » Mswinsck.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Torrent Sensation\TorrentSensation - tOdkenalen.zip » ZIP » ssa3d30.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Newer Guides\WA.rar » RAR » WA\wealthy affliate\keyword entertainment.mht » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Newer Guides\WA.rar » RAR » WA\wealthy affliate\Wealthy Affiliate 3_0  View topic - First $1000 month - No Adspend!.mht » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Newer Guides\WA.rar » RAR » WA\wealthy affliate\Wealthy Affiliate 3_0  View topic - First Bummarketing Sale!.mht » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Newer Guides\WA.rar » RAR » WA\wealthy affliate\Wealthy Affiliate University auctions.mht » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Adwords Tools\Xtreme_Conversions.rar » RAR » Xtreme Conversions\Get Code\XCV3.1.zip » ZIP » changepwd.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Adwords Tools\Xtreme_Conversions.rar » RAR » Xtreme Conversions\Get Code\XCV3.1.zip » ZIP » forgetpwd.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Adwords Tools\Xtreme_Conversions.rar » RAR » Xtreme Conversions\Get Code\XCV3.1.zip » ZIP » notify.txt » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » Hi5 Dominator.exe - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » KewlButtonz.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » MCI32.OCX - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » MSCOMCTL.OCX - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » MSINET.OCX - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » MSMAPI32.OCX - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » Mswinsck.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » RICHTX32.OCX - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » ssa3d30.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » Comdlg32.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » DinkITXPUIMenus.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » EnhSliderOcx.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » Hi5 AC.exe - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » EnhSliderOcx.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » Hi5 AC.exe - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » Hi5 Dominator.exe - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » KewlButtonz.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » MCI32.OCX - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » MSCOMCTL.OCX - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » MSINET.OCX - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » MSMAPI32.OCX - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » Mswinsck.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » RICHTX32.OCX - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » ssa3d30.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » Comdlg32.ocx - error - password-protected file
    C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » DinkITXPUIMenus.ocx - error - password-protected file
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\en_windows_xp_professional_with_service_pack_3_x86_cd_x14-80428.iso » ISO » MSMQCOMP.TXT » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\2PowerMarketingEbook.rar » RAR » CKESP.pdf - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\2PowerMarketingEbook.rar » RAR » YahooAnswers2008.pdf - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\2PowerMarketingEbook.rar » RAR » Downloads\Music\a3dd1982-3670-45a0-a227-68c2195ff30b.wma - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\2PowerMarketingEbook.rar » RAR » Downloads\Simtel\sdvd239.exe - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\adwords_editor_en-US.msi » MSI » _67B63CB1DC14F282B2A7A7C4D36056BD » CAB » _F2434C841593479B91848F88A308E433.0D4F6E7407FB4ADD800DB50C3C72656A » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\adwords_editor_en-US.msi » MSI » _67B63CB1DC14F282B2A7A7C4D36056BD » CAB » _191777295341420E963F011732BBCBB2.0D4F6E7407FB4ADD800DB50C3C72656A » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\adwords_editor_en-US.msi » MSI » _67B63CB1DC14F282B2A7A7C4D36056BD » CAB » _46FA00553E674332A61FAAB5606E3B25.0D4F6E7407FB4ADD800DB50C3C72656A » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\adwords_editor_en-US.msi » MSI » _67B63CB1DC14F282B2A7A7C4D36056BD » CAB » _09F227EF33224243BD4EE01D379E6E8F.0D4F6E7407FB4ADD800DB50C3C72656A » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\adwords_editor_en-US.msi » MSI » _67B63CB1DC14F282B2A7A7C4D36056BD » CAB » _50670C0134A8497D9C8BDFCC02CF0252.0D4F6E7407FB4ADD800DB50C3C72656A » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\bodeezyupfacnew4567.zip » ZIP » tabctl32.ocx - error - password-protected file
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\bodeezyupfacnew4567.zip » ZIP » Comdlg32.ocx - error - password-protected file
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\bodeezyupfacnew4567.zip » ZIP » FacepartyCommenter 1.3.93.exe - error - password-protected file
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\bodeezyupfacnew4567.zip » ZIP » MSCOMCTL.OCX - error - password-protected file
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\bodeezyupfacnew4567.zip » ZIP » MSINET.OCX - error - password-protected file
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\bodeezyupfacnew4567.zip » ZIP » Mswinsck.ocx - error - password-protected file
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\FacepartyCommenter 1.3.93.zip » ZIP » FacepartyCommenter 1.3.93.exe - error - password-protected file
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\hidemyip.exe » INNO » file0011.bin » ZIP » chrome.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\hidemyip.zip » ZIP » hidemyip.exe » INNO » file0005.bin » ZIP » chrome.manifest » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\Install_AIM.exe » NSIS - bad archive
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip » ZIP » FILES/OSP/1033/IE5/EN/IENT_S1.CAB » CAB » IENT_1.CAB » CAB » MSHTMLED.DLL - next archive volume not found
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip » ZIP » FILES/OSP/1033/IE5/EN/IE_S1.CAB » CAB » IE_1.CAB » CAB » SHDOCVW.DLL - next archive volume not found
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip » ZIP » OFFICE1.CAB » CAB » VIDEO.MHT » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip » ZIP » Microsoft Office XP Publisher 2003.zip » ZIP » Publisher XP/FILES/OSP/1033/IE5/EN/IENT_S1.CAB » CAB » IENT_1.CAB » CAB » MSHTMLED.DLL - next archive volume not found
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip » ZIP » Microsoft Office XP Publisher 2003.zip » ZIP » Publisher XP/FILES/OSP/1033/IE5/EN/IE_S1.CAB » CAB » IE_1.CAB » CAB » SHDOCVW.DLL - next archive volume not found
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip » ZIP » Microsoft Office XP Publisher 2003.zip » ZIP » Publisher XP/OFFICE1.CAB » CAB » VIDEO.MHT » MIME - is OK (internal scanning not performed)
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Omega Marketing LLC\Newer Guides\DP Business Plan\PrivateLabelEbooks.ace » ACE » PrivateLabelEbooks\Reseller\01 - Guide to Give Away Events\Cover\Cover.psd - archive damaged
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Omega Marketing LLC\Newer Guides\Income Greed\Promosoft\ProSo.rar » RAR » PromoSoft.exe - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Omega Marketing LLC\Newer Guides\Income Greed\Promosoft\ProSo.rar » RAR » Crack\promosoft.exe - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Omega Marketing LLC\Newer Guides\Income Greed\Promosoft\ProSo.rar » RAR » CzW.NFO - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Users\Jon\Desktop\Various Stuff\Training\Grip\KTA\KTA\KTA.rar » RAR » KTA\example2.wmv - incorrect CRC checksum, the file may be damaged
    C:\Users\Jon\Downloads\Bodybuilding.Branch.Warren.Unchained.Raw.Reality.Dvdrip.Xvid-RS\Bodybuilding.Branch.Warren.Unchained.Raw.Reality.Dvdrip.Xvid-RS.rar » RAR » - next archive volume not found
    C:\Windows\Downloaded Program Files\unagiuninst.exe » NSIS - bad archive
    C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_manifest.3643236F_FC70_11D3_A536_0090278A1BB8 » MIME - is OK (internal scanning not performed)
    C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome.manifest » MIME - is OK (internal scanning not performed)
    C:\Windows\ServiceProfiles\LocalService\ntuser.dat - error opening [4]
    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - error opening [4]
    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 - error opening [4]
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error opening [4]
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error opening [4]
    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat - error opening [4]
    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - error opening [4]
    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 - error opening [4]
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 - error opening [4]
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 - error opening [4]
    C:\Windows\System32\catroot2\edb.log - error opening [4]
    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]
    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]
    C:\Windows\System32\config\components - error opening [4]
    C:\Windows\System32\config\COMPONENTS.LOG1 - error opening [4]
    C:\Windows\System32\config\COMPONENTS.LOG2 - error opening [4]
    C:\Windows\System32\config\default - error opening [4]
    C:\Windows\System32\config\DEFAULT.LOG1 - error opening [4]
    C:\Windows\System32\config\DEFAULT.LOG2 - error opening [4]
    C:\Windows\System32\config\sam - error opening [4]
    C:\Windows\System32\config\SAM.LOG1 - error opening [4]
    C:\Windows\System32\config\SAM.LOG2 - error opening [4]
    C:\Windows\System32\config\security - error opening [4]
    C:\Windows\System32\config\SECURITY.LOG1 - error opening [4]
    C:\Windows\System32\config\SECURITY.LOG2 - error opening [4]
    C:\Windows\System32\config\software - error opening [4]
    C:\Windows\System32\config\SOFTWARE.LOG1 - error opening [4]
    C:\Windows\System32\config\SOFTWARE.LOG2 - error opening [4]
    C:\Windows\System32\config\system - error opening [4]
    C:\Windows\System32\config\SYSTEM.LOG1 - error opening [4]
    C:\Windows\System32\config\SYSTEM.LOG2 - error opening [4]
    C:\Windows\System32\config\RegBack\COMPONENTS - error opening [4]
    C:\Windows\System32\config\RegBack\DEFAULT - error opening [4]
    C:\Windows\System32\config\RegBack\SAM - error opening [4]
    C:\Windows\System32\config\RegBack\SECURITY - error opening [4]
    C:\Windows\System32\config\RegBack\SOFTWARE - error opening [4]
    C:\Windows\System32\config\RegBack\SYSTEM - error opening [4]
    Number of scanned objects: 984936
    Number of threats found: 0
    Time of completion: 3:56:22 PM Total scanning time: 6617 sec (01:50:17)

    Notes:
    [4] Object cannot be opened. It may be in use by another application or operating system.
     
  24. crunchie

    crunchie Malware Helper Posts: 728

    Looks good.

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC by OldTimer:
    Save it to your Desktop.
    Double click OTC.exe.
    Click the CleanUp! button.
    If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
     
Topic Status:
Not open for further replies.
