Inactive Problem with Google Redirecting

J

JonD6996

Posts: 14   +0
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5245

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

12/4/2010 6:52:27 PM
mbam-log-2010-12-04 (18-52-19).txt

Scan type: Quick scan
Objects scanned: 152663
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
c:\Windows\andy145.exe (Spyware.Passwords.XGen) -> 2700 -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xuri49tkd (Spyware.Passwords.XGen) -> Value: xuri49tkd -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\andy145.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Users\Jon\local settings\application data\10112010146103.xxe (Worm.KoobFace) -> No action taken.
c:\Users\Jon\local settings\application data\1011201014697.xxe (Worm.KoobFace) -> No action taken.
c:\Windows\bk23567.dat (KoobFace.Trace) -> No action taken.
c:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> No action taken.
 
Hi and welcome to TechSpot forums :).

====

Please read the directions given here and when done, post the requested logs.
Please paste the logs, do not attach them.

====

Make sure that you remove items found by MBA-M. The log above says that no action was taken.
 
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-04 20:24:45
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HDP725050GLA360 rev.GM4OA5BA
Running: GMER.exe; Driver: C:\Users\Jon\AppData\Local\Temp\pwrdypow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\tdx \Device\Tcp epfwtdir.sys

Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HDP725050GLA360_________________GM4OA5BA#5&163e592b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_10-11-27.01) - NTFSx86
Run by Jon at 19:54:47.00 on Sat 12/04/2010
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3316.2144 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jon\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 174.37.172.128:1080
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [<NO NAME>]
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - c:\program files\no more cookies\No More Cookies.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll, c:\progra~1\kasper~1\kasper~1.0\adialhk.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\jon\appdata\roaming\mozilla\firefox\profiles\pgdwssj7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/gmail
FF - component: c:\users\jon\appdata\roaming\mozilla\firefox\profiles\pgdwssj7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\jon\appdata\roaming\mozilla\firefox\profiles\pgdwssj7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jon\appdata\roaming\mozilla\firefox\profiles\pgdwssj7.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Autofill Forms: autofillForms@blueimp.net - c:\users\jon\appdata\roaming\mozilla\firefox\profiles\pgdwssj7.default\extensions\autofillForms@blueimp.net
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\users\jon\appdata\roaming\mozilla\firefox\profiles\pgdwssj7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\users\jon\appdata\roaming\mozilla\firefox\profiles\pgdwssj7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Extension: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\users\jon\appdata\roaming\mozilla\firefox\profiles\pgdwssj7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2010-11-14 79052]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-6 28552]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-13 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-13 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-4 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-4 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-4 60936]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-6-24 91456]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-12-16 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-21 136176]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-11-2 9216]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-11-2 22016]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-13 12872]

=============== Created Last 30 ================

2010-12-04 22:08:26 -------- d-----w- c:\users\jon\appdata\roaming\Avira
2010-12-04 22:02:20 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-04 22:02:18 -------- d-----w- c:\program files\Avira
2010-12-04 22:02:18 -------- d-----w- c:\progra~2\Avira
2010-12-04 21:33:05 388096 ----a-r- c:\users\jon\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-04 21:33:04 -------- d-----w- c:\program files\Trend Micro
2010-12-04 21:06:26 -------- d-----w- c:\users\jon\appdata\roaming\Malwarebytes
2010-12-04 21:06:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-04 21:06:13 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-04 21:06:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-04 21:06:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-01 19:23:54 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{529e7e16-7ae6-4abd-8954-7c38645022b6}\mpengine.dll
2010-12-01 19:03:28 -------- d--h--w- c:\progra~2\CanonIJMyPrinter
2010-12-01 06:40:01 -------- d--h--w- c:\progra~2\CanonIJSolutionMenu
2010-12-01 06:39:47 -------- d-----w- c:\progra~2\CanonIJPLM
2010-11-30 21:22:59 -------- d-----w- c:\program files\common files\CANON
2010-11-30 21:19:27 -------- d-----w- c:\program files\Canon
2010-11-30 20:18:57 -------- d-----w- c:\users\jon\appdata\local\ElevatedDiagnostics
2010-11-30 19:56:11 -------- d-----w- c:\program files\Microsoft ATS
2010-11-30 03:28:26 -------- d-----w- c:\program files\DriverFinder
2010-11-30 03:26:54 -------- d-----w- c:\users\jon\appdata\roaming\DriverFinder
2010-11-30 03:26:29 70656 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP9W.DLL
2010-11-30 03:26:29 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD9W.DLL
2010-11-30 03:24:43 272384 ----a-w- c:\windows\system32\CNMLM9W.DLL
2010-11-30 03:22:11 303104 ----a-w- c:\windows\system32\CNC250L.dll
2010-11-30 03:22:10 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2010-11-30 03:22:10 1310720 ----a-w- c:\windows\system32\CNC250C.dll
2010-11-30 03:22:10 110592 ----a-w- c:\windows\system32\CNC250I.dll
2010-11-30 03:22:10 106496 ----a-w- c:\windows\system32\CNC250U.dll
2010-11-15 19:04:31 -------- d-----w- c:\program files\InstantLeadMagnet
2010-11-14 23:24:26 80 --sh--r- c:\windows\system32\DB04031F44.dll
2010-11-14 23:24:26 -------- d-----w- c:\progra~2\Protexis
2010-11-14 23:21:04 79052 ----a-w- c:\windows\system32\drivers\AFS.SYS
2010-11-14 23:21:01 57344 ----a-w- c:\program files\internet explorer\plugins\NPEvery.dll
2010-11-14 23:21:01 233472 ----a-w- c:\program files\internet explorer\plugins\NPExpFTP.dll
2010-11-14 23:21:01 155648 ----a-w- c:\program files\internet explorer\plugins\broderbund\PretzlDn.dll
2010-11-14 23:20:58 -------- d-----w- c:\progra~2\Broderbund Software
2010-11-14 23:20:15 -------- d-----w- c:\program files\Web Publish
2010-11-14 23:20:13 970752 ----a-w- c:\windows\system32\cdintf210.dll
2010-11-14 23:18:58 -------- d-----w- c:\program files\The Print Shop 21
2010-11-12 21:37:40 -------- d-----r- c:\program files\Skype
2010-11-12 18:43:21 -------- d-----w- c:\users\jon\{105a42a6-663c-4719-a852-e274a8dd3a7f}
2010-11-12 18:27:46 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2010-11-12 18:27:46 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2010-11-12 18:27:46 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2010-11-12 18:27:45 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2010-11-12 18:27:45 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2010-11-12 18:27:45 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2010-11-12 18:27:45 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2010-11-12 18:27:45 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2010-11-12 17:41:06 -------- d-----w- c:\users\jon\appdata\roaming\ubot
2010-11-12 17:40:58 -------- d-----w- c:\users\jon\appdata\local\Xenocode
2010-11-09 18:55:35 -------- d-----w- c:\users\jon\appdata\local\AIM
2010-11-09 18:55:35 -------- d-----w- c:\progra~2\AIM
2010-11-09 18:55:25 -------- d-----w- c:\program files\AIM
2010-11-09 18:55:24 -------- d-----w- c:\program files\common files\Software Update Utility

==================== Find3M ====================

2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-30 11:18:24 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6000 Disk: Hitachi_HDP725050GLA360 rev.GM4OA5BA -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86953555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x869597b0]; MOV EAX, [0x8695982c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82427F3B] -> \Device\Harddisk0\DR0[0x85A9D830]
3 nt[0x824B07E2] -> ntkrnlpa!IofCallDriver[0x82427F3B] -> [0x84B44928]
5 acpi[0x8046932A] -> ntkrnlpa!IofCallDriver[0x82427F3B] -> [0x85959BB0]
\Driver\atapi[0x865B0118] -> IRP_MJ_CREATE -> 0x86953555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HDP725050GLA360_________________GM4OA5BA#5&163e592b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 19:55:29.79 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/7/2008 9:12:08 PM
System Uptime: 12/4/2010 7:46:00 PM (0 hours ago)

Motherboard: Dell Inc. | | 0FM586
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 456 GiB total, 276.891 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.787 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================


7-Zip 4.65
AC-3 ACM Decompressor
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.3.2 - CPSID_53951
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 8.1.0
AI RoboForm (All Users)
AIM 7
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Bonjour
Camtasia Studio 6
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CLHARVester
Compatibility Pack for the 2007 Office system
Core FTP LE 2.1
Craigslist Ad Responder
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DMR
Download Updater (AOL LLC)
DriverFinder
EasyGmail Creator Suite
Email Address Collector
ESET NOD32 Antivirus
Free Music Zilla
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
GYC Automator Beta
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Games Demo
InstantLeadMagnet v1.15
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.11.0
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 17
Java(TM) SE Runtime Environment 6
KillProcess 2.44
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MobileMe Control Panel
MotoConnect 1.1.31
Motorola Mobile Drivers Installation 4.7.1
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
MVision
Nitro PDF Professional
No More Cookies 1.3
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
Panda ActiveScan 2.0
Portal
Product Documentation Launcher
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Skype Toolbars
Skype™ 5.0
SmartFTP Client
SmartFTP Client 3.0 Setup Files (remove only)
Spybot - Search & Destroy
Star Trek Online
Steam
SUPERAntiSpyware Free Edition
Switch Sound File Converter
Team Fortress 2
TextPad 5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
Viewpoint Media Player
VLC media player 0.9.9
Windows Media Player Firefox Plugin
Yahoo! Messenger
YmailerXX
ZoneAlarm

==== End Of File ===========================
 
you will need to run it again. Update it first though.

==

Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!
 
You need to uninstall the AntiVir anti-virus software as there will be problems running more than one program concurrently.
 
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5245

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

12/4/2010 11:46:31 PM
mbam-log-2010-12-04 (23-46-31).txt

Scan type: Quick scan
Objects scanned: 152945
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Ok, try this:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
 
2010/12/05 00:59:46.0021 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/05 00:59:46.0021 ================================================================================
2010/12/05 00:59:46.0021 SystemInfo:
2010/12/05 00:59:46.0021
2010/12/05 00:59:46.0021 OS Version: 6.0.6000 ServicePack: 0.0
2010/12/05 00:59:46.0021 Product type: Workstation
2010/12/05 00:59:46.0021 ComputerName: JON-PC
2010/12/05 00:59:46.0021 UserName: Jon
2010/12/05 00:59:46.0021 Windows directory: C:\Windows
2010/12/05 00:59:46.0021 System windows directory: C:\Windows
2010/12/05 00:59:46.0021 Processor architecture: Intel x86
2010/12/05 00:59:46.0021 Number of processors: 4
2010/12/05 00:59:46.0021 Page size: 0x1000
2010/12/05 00:59:46.0021 Boot type: Normal boot
2010/12/05 00:59:46.0021 ================================================================================
2010/12/05 00:59:46.0260 Initialize success
2010/12/05 00:59:53.0831 ================================================================================
2010/12/05 00:59:53.0831 Scan started
2010/12/05 00:59:53.0831 Mode: Manual;
2010/12/05 00:59:53.0831 ================================================================================
2010/12/05 00:59:54.0537 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2010/12/05 00:59:54.0589 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/12/05 00:59:54.0629 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/12/05 00:59:54.0656 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/12/05 00:59:54.0681 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/12/05 00:59:54.0718 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2010/12/05 00:59:54.0801 AFS (8d0cf8a08034cd3d273c9ffc759b62a6) C:\Windows\system32\drivers\AFS.sys
2010/12/05 00:59:54.0906 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2010/12/05 00:59:54.0967 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/05 00:59:55.0025 aliide (e32a92e1574a467f7c762922f6162d76) C:\Windows\system32\drivers\aliide.sys
2010/12/05 00:59:55.0045 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2010/12/05 00:59:55.0069 amdide (b52b576cb0099a62f87214f371031561) C:\Windows\system32\drivers\amdide.sys
2010/12/05 00:59:55.0111 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/12/05 00:59:55.0137 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/12/05 00:59:55.0231 AnyDVD (2859c5ec3943911bf1e6458089a75f35) C:\Windows\system32\Drivers\AnyDVD.sys
2010/12/05 00:59:55.0287 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/12/05 00:59:55.0321 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/12/05 00:59:55.0397 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/05 00:59:55.0420 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
2010/12/05 00:59:55.0470 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2010/12/05 00:59:55.0503 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/05 00:59:55.0536 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/05 00:59:55.0557 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/05 00:59:55.0631 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/05 00:59:55.0651 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/05 00:59:55.0671 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/05 00:59:55.0687 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/05 00:59:55.0705 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/05 00:59:55.0739 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/05 00:59:55.0846 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/05 00:59:55.0866 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/12/05 00:59:55.0897 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2010/12/05 00:59:55.0929 cmdide (c177dd90b5dc1dcaa96ccece752e6f0f) C:\Windows\system32\drivers\cmdide.sys
2010/12/05 00:59:55.0942 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
2010/12/05 00:59:55.0956 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/12/05 00:59:55.0977 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/12/05 00:59:56.0057 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2010/12/05 00:59:56.0101 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2010/12/05 00:59:56.0148 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2010/12/05 00:59:56.0189 DXGKrnl (b95202efd0464d226e7542c1e319c028) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/05 00:59:56.0257 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/12/05 00:59:56.0287 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/05 00:59:56.0321 eamon (23a6e5a600d3743be536161e9c6f2043) C:\Windows\system32\DRIVERS\eamon.sys
2010/12/05 00:59:56.0352 easdrv (0ed4fa004a79e44df4dbdc85f44fc1fd) C:\Windows\system32\DRIVERS\easdrv.sys
2010/12/05 00:59:56.0438 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2010/12/05 00:59:56.0498 ElbyCDIO (64664287ca449c060fe46941dd67dd5f) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/12/05 00:59:56.0534 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/12/05 00:59:56.0572 epfwtdir (ccfb3bb29c08fcab134f237743bb0311) C:\Windows\system32\DRIVERS\epfwtdir.sys
2010/12/05 00:59:56.0594 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2010/12/05 00:59:56.0624 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/05 00:59:56.0650 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2010/12/05 00:59:56.0673 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2010/12/05 00:59:56.0755 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/05 00:59:56.0808 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2010/12/05 00:59:56.0842 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/05 00:59:56.0859 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/05 00:59:56.0882 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/12/05 00:59:56.0978 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/05 00:59:57.0006 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/05 00:59:57.0025 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/05 00:59:57.0055 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/05 00:59:57.0080 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/12/05 00:59:57.0127 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2010/12/05 00:59:57.0190 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/12/05 00:59:57.0224 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/05 00:59:57.0261 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
2010/12/05 00:59:57.0282 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/12/05 00:59:57.0436 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/12/05 00:59:57.0488 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/05 00:59:57.0617 IntcAzAudAddService (4eae74c8bcbca309a5d7cbad7e231427) C:\Windows\system32\drivers\RTKVHDA.sys
2010/12/05 00:59:57.0672 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/05 00:59:57.0688 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/05 00:59:57.0755 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/05 00:59:57.0813 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/05 00:59:57.0830 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/05 00:59:57.0856 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2010/12/05 00:59:57.0877 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2010/12/05 00:59:57.0914 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/05 00:59:57.0970 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/05 00:59:58.0002 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/05 00:59:58.0032 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/05 00:59:58.0067 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/05 00:59:58.0111 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/05 00:59:58.0186 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/05 00:59:58.0220 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/05 00:59:58.0239 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/05 00:59:58.0288 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/05 00:59:58.0309 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2010/12/05 00:59:58.0415 LVcKap (9a3d4fc6b86e7e36473079ab76ac703d) C:\Windows\system32\DRIVERS\LVcKap.sys
2010/12/05 00:59:58.0505 LVMVDrv (0acbc11f19320af6c19f2e20013d9095) C:\Windows\system32\DRIVERS\LVMVDrv.sys
2010/12/05 00:59:58.0623 LVPr2Mon (12866641284ebb41e627bb53c04da959) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2010/12/05 00:59:58.0825 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys
2010/12/05 00:59:59.0002 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/12/05 00:59:59.0024 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2010/12/05 00:59:59.0101 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/05 00:59:59.0180 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/05 00:59:59.0201 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/05 00:59:59.0234 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2010/12/05 00:59:59.0264 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/12/05 00:59:59.0297 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/05 00:59:59.0317 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/05 00:59:59.0359 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/12/05 00:59:59.0389 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2010/12/05 00:59:59.0461 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2010/12/05 00:59:59.0496 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/05 00:59:59.0527 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/05 00:59:59.0613 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/05 00:59:59.0686 msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
2010/12/05 00:59:59.0709 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/12/05 00:59:59.0732 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2010/12/05 00:59:59.0795 msisadrv (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
2010/12/05 00:59:59.0850 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/05 00:59:59.0880 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/05 00:59:59.0895 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2010/12/05 00:59:59.0918 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2010/12/05 00:59:59.0934 mssmbios (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/05 00:59:59.0952 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2010/12/05 00:59:59.0982 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2010/12/05 01:00:00.0063 NativeWifiP (1d162e52fb691eb555a476b04b4bff3f) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/05 01:00:00.0115 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2010/12/05 01:00:00.0223 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/05 01:00:00.0279 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/05 01:00:00.0303 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/05 01:00:00.0319 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2010/12/05 01:00:00.0344 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/05 01:00:00.0367 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/05 01:00:00.0397 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/05 01:00:00.0448 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2010/12/05 01:00:00.0502 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/05 01:00:00.0547 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2010/12/05 01:00:00.0586 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/05 01:00:00.0627 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2010/12/05 01:00:00.0676 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/12/05 01:00:00.0694 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/12/05 01:00:00.0718 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2010/12/05 01:00:00.0832 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/12/05 01:00:00.0877 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/05 01:00:00.0934 partmgr (84be786f33fdbd8765e05df3b7f5b9e6) C:\Windows\system32\drivers\partmgr.sys
2010/12/05 01:00:00.0955 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/05 01:00:01.0023 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\Windows\system32\drivers\pavboot.sys
2010/12/05 01:00:01.0098 pci (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
2010/12/05 01:00:01.0156 pciide (b2fc76090ef1003463ccb07cabb35cff) C:\Windows\system32\drivers\pciide.sys
2010/12/05 01:00:01.0178 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/05 01:00:01.0235 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/05 01:00:01.0314 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/05 01:00:01.0357 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/12/05 01:00:01.0396 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/05 01:00:01.0458 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/05 01:00:01.0532 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/12/05 01:00:01.0555 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/05 01:00:01.0575 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/05 01:00:01.0672 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/05 01:00:01.0737 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/05 01:00:01.0803 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/05 01:00:01.0853 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/05 01:00:01.0879 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/05 01:00:01.0892 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/05 01:00:01.0925 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2010/12/05 01:00:01.0977 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/05 01:00:02.0012 RDPWD (e2afac98fc6ca2ad2d09f2de1bc71ad9) C:\Windows\system32\drivers\RDPWD.sys
2010/12/05 01:00:02.0113 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2010/12/05 01:00:02.0198 ROOTMODEM (d49d61312b273de069584d48c81c8b1d) C:\Windows\system32\Drivers\RootMdm.sys
2010/12/05 01:00:02.0248 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/05 01:00:02.0309 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/05 01:00:02.0327 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/12/05 01:00:02.0361 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/12/05 01:00:02.0412 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/05 01:00:02.0460 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/05 01:00:02.0494 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/05 01:00:02.0514 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/05 01:00:02.0557 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2010/12/05 01:00:02.0604 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2010/12/05 01:00:02.0641 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/05 01:00:02.0663 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/05 01:00:02.0682 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/05 01:00:02.0715 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2010/12/05 01:00:02.0737 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/12/05 01:00:02.0818 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/12/05 01:00:02.0862 Smb (46baf398809a0f3b2d3300a1760e4b91) C:\Windows\system32\DRIVERS\smb.sys
2010/12/05 01:00:02.0903 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2010/12/05 01:00:02.0942 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2010/12/05 01:00:02.0970 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/05 01:00:03.0017 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/05 01:00:03.0086 swenum (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/05 01:00:03.0143 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/05 01:00:03.0181 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/05 01:00:03.0200 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/05 01:00:03.0263 Tcpip (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\drivers\tcpip.sys
2010/12/05 01:00:03.0304 Tcpip6 (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/05 01:00:03.0335 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/05 01:00:03.0361 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2010/12/05 01:00:03.0403 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2010/12/05 01:00:03.0422 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/05 01:00:03.0436 TermDD (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/05 01:00:03.0478 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/05 01:00:03.0542 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/05 01:00:03.0566 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/05 01:00:03.0607 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/12/05 01:00:03.0629 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/05 01:00:03.0666 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/05 01:00:03.0692 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/12/05 01:00:03.0736 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/05 01:00:03.0805 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/05 01:00:03.0856 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/05 01:00:03.0940 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2010/12/05 01:00:03.0995 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
2010/12/05 01:00:04.0079 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/05 01:00:04.0123 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/05 01:00:04.0184 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/05 01:00:04.0218 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/05 01:00:04.0243 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/12/05 01:00:04.0265 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/05 01:00:04.0359 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2010/12/05 01:00:04.0389 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/05 01:00:04.0421 usbuhci (d864735b0bfcb65440960a0b7cc1a38d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/05 01:00:04.0481 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/05 01:00:04.0518 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/05 01:00:04.0564 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2010/12/05 01:00:04.0581 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2010/12/05 01:00:04.0610 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/12/05 01:00:04.0630 viaide (689547ce911998d1e0da7a5992e025fc) C:\Windows\system32\drivers\viaide.sys
2010/12/05 01:00:04.0653 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
2010/12/05 01:00:04.0757 volmgrx (420c48e593b9520c2dee45d671f923e1) C:\Windows\system32\drivers\volmgrx.sys
2010/12/05 01:00:04.0885 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2010/12/05 01:00:04.0975 Vsdatant (c86d6640281981fa36b26a91dabf5feb) C:\Windows\system32\DRIVERS\vsdatant.sys
2010/12/05 01:00:05.0007 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/12/05 01:00:05.0085 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/05 01:00:05.0128 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/05 01:00:05.0154 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/05 01:00:05.0184 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/12/05 01:00:05.0224 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/05 01:00:05.0316 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
2010/12/05 01:00:05.0390 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/05 01:00:05.0424 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/05 01:00:05.0472 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/05 01:00:05.0505 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/05 01:00:05.0508 ================================================================================
2010/12/05 01:00:05.0508 Scan finished
2010/12/05 01:00:05.0508 ================================================================================
2010/12/05 01:00:05.0517 Detected object count: 1
2010/12/05 01:00:15.0471 \HardDisk0 - will be cured after reboot
2010/12/05 01:00:15.0472 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
 
Can you run Combofix now? If not try the following to run it:

Make certain that Combofix is on the Desktop first!

  • Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

    "%userprofile%\desktop\ComboFix.exe" /KillAll
    Click to expand...

    thRunBox_KillAll.jpg


  • Click OK and this will start ComboFix.
  • When finished, it will produce a log. Please save that log to a Notepad File and include it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* Re-enable all the programs that were disabled prior to the running of ComboFix.

* Post the following logs/Reports:
  • ComboFix.txt
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
ComboFix 10-12-04.01 - Jon 12/05/2010 1:33.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3316.2087 [GMT -6:00]
Running from: c:\users\Jon\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jon\AppData\Roaming\ubot
c:\users\Jon\g2mdlhlpx.exe
c:\windows\system32\DB04031F44.dll

.
((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
.

2010-12-05 07:20 . 2010-12-05 07:30 -------- d-----w- C:\32788R22FWJFW
2010-12-04 21:33 . 2010-12-04 21:33 388096 ----a-r- c:\users\Jon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-04 21:33 . 2010-12-04 21:33 -------- d-----w- c:\program files\Trend Micro
2010-12-04 21:06 . 2010-12-04 21:06 -------- d-----w- c:\users\Jon\AppData\Roaming\Malwarebytes
2010-12-04 21:06 . 2010-12-04 21:06 -------- d-----w- c:\programdata\Malwarebytes
2010-12-01 19:23 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{529E7E16-7AE6-4ABD-8954-7C38645022B6}\mpengine.dll
2010-12-01 19:03 . 2010-12-01 19:03 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2010-12-01 06:40 . 2010-12-01 06:40 -------- d--h--w- c:\programdata\CanonIJSolutionMenu
2010-12-01 06:39 . 2010-12-04 20:36 -------- d-----w- c:\programdata\CanonIJPLM
2010-11-30 21:22 . 2010-11-30 21:22 -------- d-----w- c:\program files\Common Files\CANON
2010-11-30 21:19 . 2010-12-01 06:39 -------- d-----w- c:\program files\Canon
2010-11-30 20:18 . 2010-11-30 20:18 -------- d-----w- c:\users\Jon\AppData\Local\ElevatedDiagnostics
2010-11-30 19:56 . 2010-11-30 20:00 -------- d-----w- c:\program files\Microsoft ATS
2010-11-30 03:27 . 2010-11-30 03:27 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-11-30 03:26 . 2010-11-30 03:30 -------- d-----w- c:\users\Jon\AppData\Roaming\DriverFinder
2010-11-30 03:26 . 2010-11-30 03:26 -------- d--h--w- c:\programdata\CanonBJ
2010-11-30 03:26 . 2010-04-24 11:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9W.DLL
2010-11-30 03:26 . 2010-04-24 11:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9W.DLL
2010-11-30 03:24 . 2010-04-24 11:00 272384 ----a-w- c:\windows\system32\CNMLM9W.DLL
2010-11-30 03:22 . 2009-03-11 17:34 303104 ----a-w- c:\windows\system32\CNC250L.dll
2010-11-30 03:22 . 2009-04-03 22:00 1310720 ----a-w- c:\windows\system32\CNC250C.dll
2010-11-30 03:22 . 2009-04-03 21:59 110592 ----a-w- c:\windows\system32\CNC250I.dll
2010-11-30 03:22 . 2009-04-03 21:57 106496 ----a-w- c:\windows\system32\CNC250U.dll
2010-11-30 03:22 . 2008-08-26 00:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2010-11-15 19:04 . 2010-11-17 03:41 -------- d-----w- c:\program files\InstantLeadMagnet
2010-11-15 19:03 . 2010-11-15 19:03 -------- d-----w- c:\program files\7-Zip
2010-11-15 12:54 . 2010-11-15 12:54 2790864 ----a-w- c:\users\Public\install_flash_player.exe
2010-11-15 04:12 . 2010-11-15 04:12 -------- d-----w- c:\users\Angelia\AppData\Local\Broderbund Software
2010-11-14 23:24 . 2010-11-16 17:37 -------- d-----w- c:\programdata\Protexis
2010-11-14 23:21 . 2010-11-14 23:21 79052 ----a-w- c:\windows\system32\drivers\AFS.SYS
2010-11-14 23:21 . 2003-06-25 16:18 155648 ----a-w- c:\program files\Internet Explorer\Plugins\Broderbund\PretzlDn.dll
2010-11-14 23:21 . 2003-06-25 16:18 57344 ----a-w- c:\program files\Internet Explorer\Plugins\NPEvery.dll
2010-11-14 23:21 . 2002-06-14 18:06 233472 ----a-w- c:\program files\Internet Explorer\Plugins\NPExpFTP.dll
2010-11-14 23:20 . 2010-11-14 23:20 -------- d-----w- c:\programdata\Broderbund Software
2010-11-14 23:20 . 2010-11-15 18:23 -------- d-----w- c:\program files\Web Publish
2010-11-14 23:20 . 2003-07-08 17:45 970752 ----a-w- c:\windows\system32\cdintf210.dll
2010-11-14 23:18 . 2010-11-30 19:35 -------- d-----w- c:\program files\The Print Shop 21
2010-11-12 21:38 . 2010-11-22 22:04 -------- d-----w- c:\users\Angelia\AppData\Roaming\skypePM
2010-11-12 21:38 . 2010-11-13 02:01 -------- d-----w- c:\users\Jon\AppData\Roaming\Skype
2010-11-12 21:37 . 2010-11-12 21:37 -------- d-----w- c:\program files\Common Files\Skype
2010-11-12 21:37 . 2010-12-05 07:11 -------- d-----r- c:\program files\Skype
2010-11-12 21:37 . 2010-11-28 16:34 -------- d-----w- c:\users\Angelia\AppData\Roaming\Skype
2010-11-12 21:37 . 2010-11-12 21:37 -------- d-----w- c:\programdata\Skype
2010-11-12 18:43 . 2010-11-12 18:43 -------- d-----w- c:\users\Jon\{105a42a6-663c-4719-a852-e274a8dd3a7f}
2010-11-12 18:27 . 2003-11-11 00:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2010-11-12 18:27 . 2003-11-11 00:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2010-11-12 18:27 . 2003-11-11 00:10 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2010-11-12 18:27 . 2010-11-12 18:27 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2010-11-12 18:27 . 2010-11-12 18:27 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2010-11-12 18:27 . 2003-11-11 00:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2010-11-12 18:27 . 2003-11-11 00:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2010-11-12 18:27 . 2003-11-11 00:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2010-11-12 18:27 . 2010-11-12 18:27 -------- d-----w- c:\programdata\Logitech
2010-11-12 18:25 . 2010-11-12 18:27 -------- d-----w- c:\program files\Logitech
2010-11-12 17:40 . 2010-11-12 17:40 -------- d-----w- c:\users\Jon\AppData\Local\Xenocode
2010-11-09 18:55 . 2010-11-16 18:47 -------- d-----w- c:\users\Jon\AppData\Local\AIM
2010-11-09 18:55 . 2010-11-09 18:55 -------- d-----w- c:\users\Angelia\AppData\Local\AIM
2010-11-09 18:55 . 2010-11-09 18:55 -------- d-----w- c:\programdata\AIM
2010-11-09 18:55 . 2010-11-09 18:55 -------- d-----w- c:\program files\AIM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2009-10-02 16:47 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-30 21:25 . 2010-09-30 21:25 30376 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-09-30 11:18 . 2010-09-30 11:18 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-09-14 13:16 . 2010-09-14 13:16 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 959976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-05 17:08 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-08 02:29 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Free Music Zilla.lnk]
path=c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Free Music Zilla.lnk
backup=c:\windows\pss\Free Music Zilla.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-04-03 21:44 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-04-04 03:32 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 16:17 952768 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 07:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-10-12 23:11 4258136 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2010-10-02 20:20 4537280 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-10-19 02:12 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2008-07-22 16:45 50520 ----a-w- c:\users\Jon\AppData\Roaming\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 16:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2008-02-20 16:06 1443072 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 02:21 141600 ----a-w- c:\program files\itunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-02-08 07:12 488984 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-02-08 07:13 774168 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 03:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-03-28 01:47 16184 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 22:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2008-07-23 20:54 1271032 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-17 20:59 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-12-04 19:21 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-08 02:23 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-21 14:00 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2006-11-02 12:34 2159104 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4218118254-907953296-3052221464-1000]
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 136176]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-11-02 9216]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2006-11-02 22016]
S0 AFS;AFS; [x]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-12-16 188736]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 13:46]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 13:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 174.37.172.128:1080
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - c:\program files\No More Cookies\No More Cookies.exe
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\pgdwssj7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/gmail
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Autofill Forms: autofillForms@blueimp.net - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\pgdwssj7.default\extensions\autofillForms@blueimp.net
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\pgdwssj7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
MSConfigStartUp-SmileboxTray - c:\users\Angelia\AppData\Roaming\Smilebox\SmileboxTray.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{475aafd1-557c-4618-b1e6-32addb7e7cb4}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{4b1dc09a-60cf-44f2-8b0e-46857c8b4553}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001d09
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a0d9f07d-68e9-4340-9ac8-aff50b7bebb6}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001372
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Completion time: 2010-12-05 01:40:16
ComboFix-quarantined-files.txt 2010-12-05 07:40

Pre-Run: 296,583,180,288 bytes free
Post-Run: 298,342,809,600 bytes free

- - End Of File - - E4B1F10ECA22433D385E82A363995950
 
No worries. Just do a quick online scan to see if anything else shows.

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

 
I could not get the ESET to run. The window just sat on my desktop for a couple hours with no progress after launching it. I did run the Trend Micro Housecall but it did not produce a log I could post here. It just said "No Threat Found" I do have ESET NOD32 installed on my computer and will post the log it produces once it completes a scan.
 
Scan Log
Version of virus signature database: 5675 (20101205)
Date: 12/5/2010 Time: 2:06:05 PM
Scanned disks, folders and files: C:\;D:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Windows:nlsPreferences - error opening [4]
C:\Boot\BCD - error opening [4]
C:\Boot\BCD.LOG - error opening [4]
C:\Drivers\video\R167384\LANG\HDMI\esp\license.txt » MIME - is OK (internal scanning not performed)
C:\Drivers\video\R167384\LANG\HDMI\ita\license.txt » MIME - is OK (internal scanning not performed)
C:\Drivers\video\R167384\LANG\HDMI\ptb\license.txt » MIME - is OK (internal scanning not performed)
C:\Drivers\video\R167384\LANG\HDMI\ptg\license.txt » MIME - is OK (internal scanning not performed)
C:\i386\COMPDATA\MSMQCOMP.TXT » MIME - is OK (internal scanning not performed)
C:\i386\LANG\PHHLP.HL_ » CAB » phhlp.hlp - archive damaged - the file could not be extracted.
C:\Program Files\7-Zip\Uninstall.exe » NSIS - incorrect CRC checksum, the file may be damaged
C:\Program Files\AIM\uninst.exe » NSIS - bad archive
C:\Program Files\Common Files\AOL\AOLDiag\tbunins.exe » NSIS - bad archive
C:\Program Files\Common Files\AOL\Loader\alunins.exe » NSIS - bad archive
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.oem.b104\core3.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.oem.b104\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.oem.b104\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.oem.b104\core3.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\logishrd\QCDRV\BIN\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\logishrd\QCDRV\BIN\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\InstantLeadMagnet\bpcateg.gdb » MIME - is OK (internal scanning not performed)
C:\Program Files\InstantLeadMagnet\clcateg.gdb » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\LimeWire\lib\LimeWire.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\LimeWire\lib\LimeWire.jar » ZIP » xulrunner-win32.zip » ZIP » xulrunner/chrome/comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\LimeWire\lib\LimeWire.jar » ZIP » xulrunner-win32.zip » ZIP » xulrunner/chrome/pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\LimeWire\lib\LimeWire.jar » ZIP » xulrunner-win32.zip » ZIP » xulrunner/chrome/toolkit.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\LimeWire\lib\LimeWire.jar » ZIP » xulrunner-win32.zip » ZIP » xulrunner/chrome/limewire.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\OFFICE11\1033\VIDEO.MHT » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe » NSIS - bad archive
C:\Program Files\Steam\SteamApps\jond6996\team fortress 2\tf\cache\cp_smbcastle2.bsp.bz20000 » BZ2 » cp_smbcastle2.bsp.bz20000 - bad archive
C:\Program Files\Steam\SteamApps\jond6996\team fortress 2\tf\cache\surf_machine_remix_v5.bsp.bz20000 » BZ2 » surf_machine_remix_v5.bsp.bz20000 - bad archive
C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4506.2.4\AIMinst.exe » NSIS - bad archive
C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4506.2.4\AIMLang.exe » NSIS - bad archive
C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4506.2.4\tbsetup.exe » NSIS - bad archive
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0269e9d91b9c2c68b757a2001b84bc1a_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0959080a8da7c37b3f4c7a47ca57c758_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0d09d85bdc09d6bfe1e0ce708efaaaf4_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0fd86f8ae2679167c8d0e8bd63aca1b1_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\180f4a1d30b0b1aa4871403cd4c737d3_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\18fd479d765692740c13e89301d804c5_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\19754e2b796466645cacd2dd7954679c_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\25a3cb5b29f2af06fc4563121a54769c_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\29f4a71f82ca7967e9d6babe62c8d88c_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3515bc3c43e9fd8b3d2d11fcddfdfa3c_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3a399d62cb21a66ca60a57e9c1cb980e_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4071709ffa6881d996cf4bc11b7bff9e_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\448e9ce4f5b3ab1f5f10445e1b73b1c8_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\466f4be56963042c378e776c3e2441f8_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5b01b57a6fb6b06376436d45a2e5a6d5_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5df94ec4ea6e7c021d2b999cdf5628b0_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6ca49397dad5ce4961ae6aea19018811_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6ff75cdee029c0f62b1d3868938cdc7a_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\84a98b458f4887aefecfe24b1e673200_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\88568acce626b42e06604fd3d478ac05_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8c2065b42db67aac9ced7339b91f7daa_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8eda83430e3298c687074c9fe1c673c9_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8efec56dbe88f77f5a7acb492f7e9c3f_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8fd87b03d5e696db7d407e6db12fe24f_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\96e3b8f13f2227f97f6a83f2b10bd9a1_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9cb237abbb504b21f285695d612fa90b_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9d640080f2cc0fc9a23db6ab21b2f99c_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9f576d18138d21ec78c34260b48c13b7_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a3c785342c76dd64ee140012a10425cd_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ae4b3e3c2a590f5a7032c33319dc3f3f_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b267b6693e6ef0c9ee19866468ea8854_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b94029ee6a6582ae8370650dcf747096_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bc3e0f28d9739113322187897c0a84f9_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bcdaa4eac609de99860fbeab35e1f939_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bf34db8aa5a90ffb71479a34e90bfcd0_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c36313b74d27edfb94f66fe6d0b46fb1_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c75002f3a2a11b464ff780b12923820e_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c88be22c1ff839eb4719aa67085a3bdf_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ca0843bcdda4470e495b3fcfd91823dd_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cada5ad018177de5f548733a7e3fa2d8_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cf5c7806bfe97c081942da680e378278_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d246878be80d73696b72e1c0ce563738_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d7a075ab4539437d2843ce8fe6df8aea_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d9ab8b66f6a5390fe6f2d3f4f46dbedb_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e71e6b193fa552d0a61e1bf87295081d_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f1a152155b67dd92f9bae8d1a04eb1af_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f25896945e8a8c140e5d27162d496fe8_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\faa5ea375912252cea3269d7358d9697_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fd4589cf37fa76c3b7b1d4e283440d51_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ffa3406ab49182d7f71d95273cc110fd_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{6ec2dc77-fcaf-11df-9331-001d099afb6e}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{6ec2dc83-fcaf-11df-9331-001d099afb6e}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{6ec2dcc8-fcaf-11df-9331-001d099afb6e}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{8a035485-ffef-11df-91cf-001d099afb6e}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{8a035488-ffef-11df-91cf-001d099afb6e}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{97190cd4-fd7d-11df-a02a-001d099afb6e}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{97190d0a-fd7d-11df-a02a-001d099afb6e}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{97190d2d-fd7d-11df-a02a-001d099afb6e}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{adefe865-003d-11e0-80a2-001d099afb6e}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{adefe86b-003d-11e0-80a2-001d099afb6e}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{d88537f9-f73b-11df-8e2a-001d099afb6e}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{d8853809-f73b-11df-8e2a-001d099afb6e}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{e996e2e6-fc2c-11df-93e8-001d099afb6e}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{e996e2ec-fc2c-11df-93e8-001d099afb6e}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{eefd0bd1-fb0c-11df-bc4b-001d099afb6e}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{eefd0bf8-fb0c-11df-bc4b-001d099afb6e}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\Temp\HP_WebRelease\setup\redisco\test.txt » MIME - is OK (internal scanning not performed)
C:\Users\All Users\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4506.2.4\AIMinst.exe » NSIS - bad archive
C:\Users\All Users\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4506.2.4\AIMLang.exe » NSIS - bad archive
C:\Users\All Users\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4506.2.4\tbsetup.exe » NSIS - bad archive
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0269e9d91b9c2c68b757a2001b84bc1a_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0959080a8da7c37b3f4c7a47ca57c758_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0d09d85bdc09d6bfe1e0ce708efaaaf4_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0fd86f8ae2679167c8d0e8bd63aca1b1_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\180f4a1d30b0b1aa4871403cd4c737d3_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\18fd479d765692740c13e89301d804c5_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\19754e2b796466645cacd2dd7954679c_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\25a3cb5b29f2af06fc4563121a54769c_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\29f4a71f82ca7967e9d6babe62c8d88c_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\3515bc3c43e9fd8b3d2d11fcddfdfa3c_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\3a399d62cb21a66ca60a57e9c1cb980e_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\4071709ffa6881d996cf4bc11b7bff9e_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\448e9ce4f5b3ab1f5f10445e1b73b1c8_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\466f4be56963042c378e776c3e2441f8_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5b01b57a6fb6b06376436d45a2e5a6d5_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5df94ec4ea6e7c021d2b999cdf5628b0_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\6ca49397dad5ce4961ae6aea19018811_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\6ff75cdee029c0f62b1d3868938cdc7a_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\84a98b458f4887aefecfe24b1e673200_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\88568acce626b42e06604fd3d478ac05_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8c2065b42db67aac9ced7339b91f7daa_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8eda83430e3298c687074c9fe1c673c9_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8efec56dbe88f77f5a7acb492f7e9c3f_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8fd87b03d5e696db7d407e6db12fe24f_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\96e3b8f13f2227f97f6a83f2b10bd9a1_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\9cb237abbb504b21f285695d612fa90b_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\9d640080f2cc0fc9a23db6ab21b2f99c_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\9f576d18138d21ec78c34260b48c13b7_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a3c785342c76dd64ee140012a10425cd_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ae4b3e3c2a590f5a7032c33319dc3f3f_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b267b6693e6ef0c9ee19866468ea8854_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b94029ee6a6582ae8370650dcf747096_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\bc3e0f28d9739113322187897c0a84f9_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\bcdaa4eac609de99860fbeab35e1f939_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\bf34db8aa5a90ffb71479a34e90bfcd0_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c36313b74d27edfb94f66fe6d0b46fb1_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c75002f3a2a11b464ff780b12923820e_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c88be22c1ff839eb4719aa67085a3bdf_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ca0843bcdda4470e495b3fcfd91823dd_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\cada5ad018177de5f548733a7e3fa2d8_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\cf5c7806bfe97c081942da680e378278_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d246878be80d73696b72e1c0ce563738_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d7a075ab4539437d2843ce8fe6df8aea_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d9ab8b66f6a5390fe6f2d3f4f46dbedb_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e71e6b193fa552d0a61e1bf87295081d_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\f1a152155b67dd92f9bae8d1a04eb1af_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\f25896945e8a8c140e5d27162d496fe8_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\faa5ea375912252cea3269d7358d9697_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fd4589cf37fa76c3b7b1d4e283440d51_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ffa3406ab49182d7f71d95273cc110fd_199247c0-5a30-45a3-928e-e1378cd1a50d - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
C:\Users\All Users\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Angelia\AppData\Local\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Angelia\AppData\Local\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Angelia\AppData\Roaming\Mozilla\Firefox\Profiles\a7sue9v6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Jon\ntuser.dat - error opening [4]
C:\Users\Jon\ntuser.dat.LOG1 - error opening [4]
C:\Users\Jon\ntuser.dat.LOG2 - error opening [4]
C:\Users\Jon\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Users\Jon\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening [4]
C:\Users\Jon\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening [4]
C:\Users\Jon\AppData\Local\Microsoft\Windows Mail\Local Folders\Drafts\4F13487A-00000001.eml » MIME - is OK (internal scanning not performed)
C:\Users\Jon\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\73F7483A-00000001.eml » MIME - is OK (internal scanning not performed)
C:\Users\Jon\AppData\LocalLow\Arc5175.tmp\InstallBAM.exe » NSIS » setup.exe » WISE » ReportAgentInstaller.exe » NSIS - bad archive
C:\Users\Jon\AppData\Roaming\LimeWire\browser\xulrunner\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Jon\AppData\Roaming\LimeWire\browser\xulrunner\chrome\limewire.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Jon\AppData\Roaming\LimeWire\browser\xulrunner\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Jon\AppData\Roaming\LimeWire\browser\xulrunner\chrome\toolkit.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\pgdwssj7.default\parent.lock - error opening [4]
C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\pgdwssj7.default\extensions\autofillForms@blueimp.net\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\pgdwssj7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\pgdwssj7.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 05-26-2009 - 00-53-47.SBU » ZIP » backup.db - error - password-protected file
C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-15-2010 - 23-07-34.SBU » ZIP » backup.db - error - password-protected file
C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-27-2008 - 01-26-43.SBU » ZIP » backup.db - error - password-protected file
C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {20DB7385-99C2-4C1D-A513-100F29138E0B} - error - password-protected file
C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {41E7AEFE-33B8-4FC0-B170-50C6818D2A88} - error - password-protected file
C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {4EB12617-E880-44A3-AEFF-627C13A9CE64} - error - password-protected file
C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {70A19B08-CE29-4A5D-84BB-4D8460F63EA7} - error - password-protected file
C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {8208FDCE-7E17-4F15-87C4-2056DBC65C98} - error - password-protected file
C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {8F8CAE21-3E4E-41E3-A9A5-41C26513AA42} - error - password-protected file
C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {9447B105-A140-4084-852B-91519BA37883} - error - password-protected file
C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {98F1E7E1-C837-4549-8E7C-F8ABD1CF89D9} - error - password-protected file
C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {AE8566DF-3C2C-49EF-AF4A-3DBE12736105} - error - password-protected file
C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » {BBCFA8BA-735D-40BD-BD6C-B043E5B5EAAC} - error - password-protected file
C:\Users\Jon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-04-2010 - 14-31-43.SBU » ZIP » backup.db - error - password-protected file
C:\Users\Jon\Desktop\7z465.exe » NSIS - incorrect CRC checksum, the file may be damaged
C:\Users\Jon\Desktop\Install Files\blank-invoice-ms-word-2003.zip - error opening [4]
C:\Users\Jon\Desktop\Install Files\bodeezyupfacnew4567.zip » ZIP » tabctl32.ocx - error - password-protected file
C:\Users\Jon\Desktop\Install Files\bodeezyupfacnew4567.zip » ZIP » Comdlg32.ocx - error - password-protected file
C:\Users\Jon\Desktop\Install Files\bodeezyupfacnew4567.zip » ZIP » FacepartyCommenter 1.3.93.exe - error - password-protected file
C:\Users\Jon\Desktop\Install Files\bodeezyupfacnew4567.zip » ZIP » MSCOMCTL.OCX - error - password-protected file
C:\Users\Jon\Desktop\Install Files\bodeezyupfacnew4567.zip » ZIP » MSINET.OCX - error - password-protected file
C:\Users\Jon\Desktop\Install Files\bodeezyupfacnew4567.zip » ZIP » Mswinsck.ocx - error - password-protected file
C:\Users\Jon\Desktop\Install Files\Firefox Setup 2.0.0.14.exe » 7ZIP » nonlocalized/chrome/browser.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\Install Files\Firefox Setup 2.0.0.14.exe » 7ZIP » nonlocalized/chrome/comm.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\Install Files\Firefox Setup 2.0.0.14.exe » 7ZIP » nonlocalized/chrome/pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\Install Files\Firefox Setup 2.0.0.14.exe » 7ZIP » nonlocalized/chrome/toolkit.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\Install Files\Install_AIM.exe » NSIS - bad archive
C:\Users\Jon\Desktop\Install Files\muskcodec.FINAL.v6.0.exe » INNO » file0012.bin » NSIS - bad archive
C:\Users\Jon\Desktop\Install Files\muskcodec.FINAL.v6.0.exe » INNO » file0039.bin » NSIS - incorrect CRC checksum, the file may be damaged
C:\Users\Jon\Desktop\Install Files\muskcodec.FINAL.v6.0.exe » INNO » file0074.bin » NSIS - bad archive
C:\Users\Jon\Desktop\Install Files\muskcodec.FINAL.v6.0.exe » INNO » file0078.bin » INNO » - unsupported option
C:\Users\Jon\Desktop\Install Files\nomorecookiesinstall - Shortcut.lnk - error opening [4]
C:\Users\Jon\Desktop\Install Files\PowerISO43.exe - error opening [4]
C:\Users\Jon\Desktop\Install Files\setup_magicdisc.exe - error opening [4]
C:\Users\Jon\Desktop\Install Files\Setup_MagicISO.exe - error opening [4]
C:\Users\Jon\Desktop\Install Files\SkyRocket bodeezy666.zip » ZIP » ssa3d30.ocx - error - password-protected file
C:\Users\Jon\Desktop\Install Files\SkyRocket bodeezy666.zip » ZIP » Comdlg32.ocx - error - password-protected file
C:\Users\Jon\Desktop\Install Files\SkyRocket bodeezy666.zip » ZIP » MSCOMCTL.OCX - error - password-protected file
C:\Users\Jon\Desktop\Install Files\SkyRocket bodeezy666.zip » ZIP » Mswinsck.ocx - error - password-protected file
C:\Users\Jon\Desktop\Install Files\SkyRocket bodeezy666.zip » ZIP » RICHTX32.OCX - error - password-protected file
C:\Users\Jon\Desktop\Install Files\spybotsd152.exe - error opening [4]
C:\Users\Jon\Desktop\Install Files\SUPERAntiSpyware.exe - error opening [4]
C:\Users\Jon\Desktop\Install Files\TPS21Essentials_Setup.exe - error opening [4]
C:\Users\Jon\Desktop\Install Files\utorrent.exe - error opening [4]
C:\Users\Jon\Desktop\Install Files\vidalia-bundle-0.1.2.19-0.0.16.exe - error opening [4]
C:\Users\Jon\Desktop\Install Files\zaSetup_en.exe - error opening [4]
C:\Users\Jon\Desktop\Install Files\zlsSetup_71_078_000_en.exe - error opening [4]
C:\Users\Jon\Desktop\Install Files\Office 2003\Microsoft Office XP Publisher 2003.zip » ZIP » Publisher XP/FILES/OSP/1033/IE5/EN/IENT_S1.CAB » CAB » IENT_1.CAB » CAB » MSHTMLED.DLL - next archive volume not found
C:\Users\Jon\Desktop\Install Files\Office 2003\Microsoft Office XP Publisher 2003.zip » ZIP » Publisher XP/FILES/OSP/1033/IE5/EN/IE_S1.CAB » CAB » IE_1.CAB » CAB » SHDOCVW.DLL - next archive volume not found
C:\Users\Jon\Desktop\Install Files\Office 2003\Microsoft Office XP Publisher 2003.zip » ZIP » Publisher XP/OFFICE1.CAB » CAB » VIDEO.MHT » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\Install Files\Office 2003\OFFICE1.CAB » CAB » VIDEO.MHT » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\Install Files\Office 2003\FILES\OSP\1033\IE5\EN\IENT_S1.CAB » CAB » IENT_1.CAB » CAB » MSHTMLED.DLL - next archive volume not found
C:\Users\Jon\Desktop\Install Files\Office 2003\FILES\OSP\1033\IE5\EN\IE_S1.CAB » CAB » IE_1.CAB » CAB » SHDOCVW.DLL - next archive volume not found
C:\Users\Jon\Desktop\InstantLeadMagnet\InstantLeadMagnetSetup.exe » INNO » file0007.bin » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\InstantLeadMagnet\InstantLeadMagnetSetup.exe » INNO » file0009.bin » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » KeithJones.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » PatriciaAladin.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » JosephWolosyk.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » MaribelAcuna.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » HaroldDarbin.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » VictorMichelini.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » AngelaSingleton.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » JasmineTatum.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » CollinHarvey.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » SherriFerrell.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » NoelSanchez.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » MariaKennedy.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » EbonyAustin.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » AshleeArchibald.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » LorenaLoushin.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » DanaRickel.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » ShaniseManning.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » NicoleGrimes.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » NancyKula.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » ShavettaSheppard.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » LauraPerez.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » ClaytonDickerson.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » ElizabethMadison.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » QuintonMartinez.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » AlexEllerbe.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » EmmaGingerich.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » AnnieDonaldson.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » TonyBrinkley.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » TedBethea.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » FequalyaWright.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » EllenCouch.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\Mystery_Shoppers2.rar » RAR » KennethGardner.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Edit and upload these/2ndratio.fdb - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Edit and upload these/ctrratio.fdb - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Edit and upload these/links.fdb - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Edit and upload these/on.fdb - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Edit and upload these/ref.fdb - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Edit and upload these/secs.fdb - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » SSDATA/SS Edit Database.exe - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » This is for you to test/SetupWizardMaster.exe - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » This is the iss output file for the users to download/InstallationWizard.exe - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Update!/alert.php - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Update!/database.sql - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Update!/readme.txt - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Update!/results.php - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Update!/results2.php - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Update!/updateemails.inc.php - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Update!/updateinfo.inc.php - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Upload These/bobby3.php - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Upload These/bobby4.php - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Upload These/rank.html - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Use these exes for your info.fdb and to make your email list a csv file/Doit.exe - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Use these exes for your info.fdb and to make your email list a csv file/NameExtractor.exe - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Use these to make the install/johnd.iss - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Use these to make the install/notepad.exe - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Use these to make the install/settings.ini - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » Use these to make the install/SetupWizard.exe - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » ElementsCreator.exe - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » ElementsCreatorREadME.txt - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\johnd1234 SS.zip » ZIP » readme.txt - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Gmail AC\GmailAC.zip » ZIP » Comdlg32.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Gmail AC\GmailAC.zip » ZIP » MSCOMCTL.OCX - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Gmail AC\GmailAC.zip » ZIP » MSINET.OCX - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Gmail AC\GmailAC.zip » ZIP » Mswinsck.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS
 
Tools\Gmail AC\GmailAC.zip » ZIP » RICHTX32.OCX - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Gmail AC\GmailAC.zip » ZIP » tabctl32.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Gmail AC\GmailAC.zip » ZIP » GmailAC.exe - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Torrent Sensation\TorrentSensation - tOdkenalen.zip » ZIP » Torrent Sensation.exe - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Torrent Sensation\TorrentSensation - tOdkenalen.zip » ZIP » Comdlg32.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Torrent Sensation\TorrentSensation - tOdkenalen.zip » ZIP » MSCOMCTL.OCX - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Torrent Sensation\TorrentSensation - tOdkenalen.zip » ZIP » MSINET.OCX - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Torrent Sensation\TorrentSensation - tOdkenalen.zip » ZIP » Mswinsck.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Money\SS Tools\Torrent Sensation\TorrentSensation - tOdkenalen.zip » ZIP » ssa3d30.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Newer Guides\WA.rar » RAR » WA\wealthy affliate\keyword entertainment.mht » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Newer Guides\WA.rar » RAR » WA\wealthy affliate\Wealthy Affiliate 3_0  View topic - First $1000 month - No Adspend!.mht » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Newer Guides\WA.rar » RAR » WA\wealthy affliate\Wealthy Affiliate 3_0  View topic - First Bummarketing Sale!.mht » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Newer Guides\WA.rar » RAR » WA\wealthy affliate\Wealthy Affiliate University auctions.mht » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Adwords Tools\Xtreme_Conversions.rar » RAR » Xtreme Conversions\Get Code\XCV3.1.zip » ZIP » changepwd.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Adwords Tools\Xtreme_Conversions.rar » RAR » Xtreme Conversions\Get Code\XCV3.1.zip » ZIP » forgetpwd.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Adwords Tools\Xtreme_Conversions.rar » RAR » Xtreme Conversions\Get Code\XCV3.1.zip » ZIP » notify.txt » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » Hi5 Dominator.exe - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » KewlButtonz.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » MCI32.OCX - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » MSCOMCTL.OCX - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » MSINET.OCX - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » MSMAPI32.OCX - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » Mswinsck.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » RICHTX32.OCX - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » ssa3d30.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » Comdlg32.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » DinkITXPUIMenus.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » EnhSliderOcx.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5Dominator.zip » ZIP » Hi5 AC.exe - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » EnhSliderOcx.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » Hi5 AC.exe - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » Hi5 Dominator.exe - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » KewlButtonz.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » MCI32.OCX - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » MSCOMCTL.OCX - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » MSINET.OCX - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » MSMAPI32.OCX - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » Mswinsck.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » RICHTX32.OCX - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » ssa3d30.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » Comdlg32.ocx - error - password-protected file
C:\Users\Jon\Desktop\OmegaMarketing\Omega Marketing LLC\Tools\Hi5\Hi5DominatorUpdate.zip » ZIP » DinkITXPUIMenus.ocx - error - password-protected file
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\en_windows_xp_professional_with_service_pack_3_x86_cd_x14-80428.iso » ISO » MSMQCOMP.TXT » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\2PowerMarketingEbook.rar » RAR » CKESP.pdf - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\2PowerMarketingEbook.rar » RAR » YahooAnswers2008.pdf - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\2PowerMarketingEbook.rar » RAR » Downloads\Music\a3dd1982-3670-45a0-a227-68c2195ff30b.wma - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\2PowerMarketingEbook.rar » RAR » Downloads\Simtel\sdvd239.exe - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\adwords_editor_en-US.msi » MSI » _67B63CB1DC14F282B2A7A7C4D36056BD » CAB » _F2434C841593479B91848F88A308E433.0D4F6E7407FB4ADD800DB50C3C72656A » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\adwords_editor_en-US.msi » MSI » _67B63CB1DC14F282B2A7A7C4D36056BD » CAB » _191777295341420E963F011732BBCBB2.0D4F6E7407FB4ADD800DB50C3C72656A » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\adwords_editor_en-US.msi » MSI » _67B63CB1DC14F282B2A7A7C4D36056BD » CAB » _46FA00553E674332A61FAAB5606E3B25.0D4F6E7407FB4ADD800DB50C3C72656A » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\adwords_editor_en-US.msi » MSI » _67B63CB1DC14F282B2A7A7C4D36056BD » CAB » _09F227EF33224243BD4EE01D379E6E8F.0D4F6E7407FB4ADD800DB50C3C72656A » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\adwords_editor_en-US.msi » MSI » _67B63CB1DC14F282B2A7A7C4D36056BD » CAB » _50670C0134A8497D9C8BDFCC02CF0252.0D4F6E7407FB4ADD800DB50C3C72656A » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\bodeezyupfacnew4567.zip » ZIP » tabctl32.ocx - error - password-protected file
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\bodeezyupfacnew4567.zip » ZIP » Comdlg32.ocx - error - password-protected file
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\bodeezyupfacnew4567.zip » ZIP » FacepartyCommenter 1.3.93.exe - error - password-protected file
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\bodeezyupfacnew4567.zip » ZIP » MSCOMCTL.OCX - error - password-protected file
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\bodeezyupfacnew4567.zip » ZIP » MSINET.OCX - error - password-protected file
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\bodeezyupfacnew4567.zip » ZIP » Mswinsck.ocx - error - password-protected file
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\FacepartyCommenter 1.3.93.zip » ZIP » FacepartyCommenter 1.3.93.exe - error - password-protected file
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\hidemyip.exe » INNO » file0011.bin » ZIP » chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\hidemyip.zip » ZIP » hidemyip.exe » INNO » file0005.bin » ZIP » chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\Install_AIM.exe » NSIS - bad archive
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip » ZIP » FILES/OSP/1033/IE5/EN/IENT_S1.CAB » CAB » IENT_1.CAB » CAB » MSHTMLED.DLL - next archive volume not found
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip » ZIP » FILES/OSP/1033/IE5/EN/IE_S1.CAB » CAB » IE_1.CAB » CAB » SHDOCVW.DLL - next archive volume not found
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip » ZIP » OFFICE1.CAB » CAB » VIDEO.MHT » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip » ZIP » Microsoft Office XP Publisher 2003.zip » ZIP » Publisher XP/FILES/OSP/1033/IE5/EN/IENT_S1.CAB » CAB » IENT_1.CAB » CAB » MSHTMLED.DLL - next archive volume not found
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip » ZIP » Microsoft Office XP Publisher 2003.zip » ZIP » Publisher XP/FILES/OSP/1033/IE5/EN/IE_S1.CAB » CAB » IE_1.CAB » CAB » SHDOCVW.DLL - next archive volume not found
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Install Files\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage, Publisher 2003).zip » ZIP » Microsoft Office XP Publisher 2003.zip » ZIP » Publisher XP/OFFICE1.CAB » CAB » VIDEO.MHT » MIME - is OK (internal scanning not performed)
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Omega Marketing LLC\Newer Guides\DP Business Plan\PrivateLabelEbooks.ace » ACE » PrivateLabelEbooks\Reseller\01 - Guide to Give Away Events\Cover\Cover.psd - archive damaged
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Omega Marketing LLC\Newer Guides\Income Greed\Promosoft\ProSo.rar » RAR » PromoSoft.exe - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Omega Marketing LLC\Newer Guides\Income Greed\Promosoft\ProSo.rar » RAR » Crack\promosoft.exe - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\Jon\Desktop\Tools and Programs\Microsoft\Misc\Laptop Backup\Omega Marketing LLC\Newer Guides\Income Greed\Promosoft\ProSo.rar » RAR » CzW.NFO - Incorrect file checksum (CRC); the file is probably password protected.
C:\Users\Jon\Desktop\Various Stuff\Training\Grip\KTA\KTA\KTA.rar » RAR » KTA\example2.wmv - incorrect CRC checksum, the file may be damaged
C:\Users\Jon\Downloads\Bodybuilding.Branch.Warren.Unchained.Raw.Reality.Dvdrip.Xvid-RS\Bodybuilding.Branch.Warren.Unchained.Raw.Reality.Dvdrip.Xvid-RS.rar » RAR » - next archive volume not found
C:\Windows\Downloaded Program Files\unagiuninst.exe » NSIS - bad archive
C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_manifest.3643236F_FC70_11D3_A536_0090278A1BB8 » MIME - is OK (internal scanning not performed)
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Windows\ServiceProfiles\LocalService\ntuser.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 - error opening [4]
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 - error opening [4]
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 - error opening [4]
C:\Windows\System32\catroot2\edb.log - error opening [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\config\components - error opening [4]
C:\Windows\System32\config\COMPONENTS.LOG1 - error opening [4]
C:\Windows\System32\config\COMPONENTS.LOG2 - error opening [4]
C:\Windows\System32\config\default - error opening [4]
C:\Windows\System32\config\DEFAULT.LOG1 - error opening [4]
C:\Windows\System32\config\DEFAULT.LOG2 - error opening [4]
C:\Windows\System32\config\sam - error opening [4]
C:\Windows\System32\config\SAM.LOG1 - error opening [4]
C:\Windows\System32\config\SAM.LOG2 - error opening [4]
C:\Windows\System32\config\security - error opening [4]
C:\Windows\System32\config\SECURITY.LOG1 - error opening [4]
C:\Windows\System32\config\SECURITY.LOG2 - error opening [4]
C:\Windows\System32\config\software - error opening [4]
C:\Windows\System32\config\SOFTWARE.LOG1 - error opening [4]
C:\Windows\System32\config\SOFTWARE.LOG2 - error opening [4]
C:\Windows\System32\config\system - error opening [4]
C:\Windows\System32\config\SYSTEM.LOG1 - error opening [4]
C:\Windows\System32\config\SYSTEM.LOG2 - error opening [4]
C:\Windows\System32\config\RegBack\COMPONENTS - error opening [4]
C:\Windows\System32\config\RegBack\DEFAULT - error opening [4]
C:\Windows\System32\config\RegBack\SAM - error opening [4]
C:\Windows\System32\config\RegBack\SECURITY - error opening [4]
C:\Windows\System32\config\RegBack\SOFTWARE - error opening [4]
C:\Windows\System32\config\RegBack\SYSTEM - error opening [4]
Number of scanned objects: 984936
Number of threats found: 0
Time of completion: 3:56:22 PM Total scanning time: 6617 sec (01:50:17)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.
 
Looks good.

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
 

Similar threads

D
Mini PCs sold on Amazon contained factory-installed spyware
Replies
16
Views
1K
Fastturtle
F
S
  • Locked
Inactive Please help: Infected-or-not?
Replies
2
Views
3K
Broni
Broni
C
Solved Malware \ProductData + possibly more, on two devices
Replies
4
Views
8K
Broni
Broni

Latest posts

Back