# "Congratulations, You Won!" Audio Virus?



## vivalamusic (Jan 1, 1970)

Hi, I'm new to this website. Anyways, it started yesterday. Even after I exited everything, including my internet browser (Firefox) and all the applications running on my laptop, it keeps saying, "Congratulations, you won!" randomly, even if the ad isn't on the page I'm on or if I have nothing up on my laptop. How do you get rid of it?

OS Version: Microsoft® Windows Vista Home Premium, Service Pack 2, 32 bit
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz, x64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3002 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1309 Mb
Hard Drives: C: Total - 294097 MB, Free - 204446 MB; E: Total - 11143 MB, Free - 1740 MB;
Motherboard: Wistron, 3612


----------



## Larusso (Aug 9, 2011)

Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

- First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while you are following my instructions, *Stop* there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread and move on to assist someone else.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download DDS and save it to your desktop from *here* or *here* or *here*.
Disable any script blocker, and then double click *dds* to run the tool.
When done, DDS will open two (2) logs:
- DDS.txt
- Attach.txt

Save both reports to your desktop.
Please post both in your next reply.

Please download *Gmer* from *here* and save it to your Desktop.

- Double-click on the *randomly named GMER.exe*. If asked to allow the gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run a scan, click on *NO*.


- In the right panel, you will see several boxes that have been checked. Uncheck the following:
  - *Sections*
  - *IAT/EAT*
  - *Drives/Partition other than Systemdrive* (typically C:\)
  - *Show All* (don't miss this one)
- Then click the Scan button and wait for it to finish.
- Once done, click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop.

***Caution***
*Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.*

*Please post in your next reply:*
- dds.txt
- attach.txt
- ark.txt


----------



## vivalamusic (Jan 1, 1970)

Thank you in advance.

Here is the DDS:


============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Ashley\AppData\Roaming\68991\79146.exe
C:\Users\Ashley\AppData\Roaming\91B86\lvvm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Ashley\AppData\Roaming\Microsoft\4606\F16.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
c:\Program Files\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uWinlogon: Shell=explorer.exe,c:\users\ashley\appdata\roaming\68991\79146.exe
uWindows: Load=c:\users\ashley\appdata\roaming\91b86\lvvm.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [Google Update] "c:\users\ashley\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [F16.exe] c:\users\ashley\appdata\roaming\microsoft\4606\F16.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>] 
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MozillaAgent] c:\windows\temp\_ex-68.exe
mRun: [w8fRZ9hTXjClBzN8234A] c:\windows\system32\AV Protection 2011v121.exe
mRun: [XA0uvS2ib3n5Q6W] c:\users\ashley\appdata\roaming\dwme.exe
mRun: [F16.exe] c:\program files\lp\4606\F16.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D1A7D160-A066-4283-AA6A-D6E291EE1173} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ashley\appdata\roaming\mozilla\firefox\profiles\9j1v10w6.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\ashley\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-22 1153368]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-26 19:14:58 -------- d-----w- c:\users\ashley\appdata\roaming\SUPERAntiSpyware.com
2011-11-26 19:04:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-26 19:04:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-26 19:00:19 -------- d-----w- c:\users\ashley\appdata\roaming\Malwarebytes
2011-11-26 19:00:10 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 19:00:07 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 19:00:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 04:45:27 111616 ----a-w- c:\programdata\Son83Ntr.exe
2011-11-26 04:36:29 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-11-25 23:12:54 111616 ----a-w- c:\windows\system32\03D37iu.com_
2011-11-24 18:41:20 -------- d-----w- c:\program files\PC Tools Security
2011-11-24 18:33:06 -------- d-----w- c:\programdata\PC Tools
2011-11-24 16:16:16 286208 ----a-w- c:\users\ashley\appdata\roaming\firefox.exe
2011-11-24 14:23:41 -------- d-----w- c:\users\ashley\appdata\roaming\QQJ7dEK8gZhXjV
2011-11-24 14:23:41 -------- d-----w- c:\users\ashley\appdata\roaming\klIBtzPNyAu
2011-11-24 14:18:26 -------- d-----w- c:\users\ashley\appdata\roaming\FS2obd8fR9TqUrA
2011-11-24 14:18:25 -------- d-----w- c:\users\ashley\appdata\roaming\J8fRZ9hTXjCIzxu
2011-11-24 14:17:36 286208 ----a-w- c:\users\ashley\appdata\roaming\microsoft\4606\F16.exe
2011-11-24 14:06:08 -------- d-----w- c:\users\ashley\appdata\roaming\pA1uvD2ob4m58R9
2011-11-24 14:06:07 -------- d-----w- c:\users\ashley\appdata\roaming\vK8gRZ9hYwUlBzN
2011-11-24 14:05:59 -------- d-----w- c:\program files\LP
2011-11-24 14:05:54 286208 ----a-w- c:\users\ashley\appdata\roaming\dwme.exe
2011-11-24 14:05:54 -------- d-----w- c:\users\ashley\appdata\roaming\nfRL9hTXqUeIrOy
2011-11-24 14:03:56 -------- d-----w- c:\users\ashley\appdata\roaming\VqhYkeBtz0c1D4m
2011-11-24 14:03:56 -------- d-----w- c:\users\ashley\appdata\roaming\S5sQJ7EK8R
2011-11-23 22:47:50 2835968 ----a-w- c:\users\ashley\appdata\roaming\java.exe
2011-11-23 22:27:49 -------- d-----w- c:\users\ashley\appdata\roaming\XWWK77fEL9
2011-11-23 22:27:49 -------- d-----w- c:\users\ashley\appdata\roaming\jSSS2iibD3pG4QH
2011-11-22 22:16:30 -------- d-----w- c:\users\ashley\appdata\roaming\91B86
2011-11-22 22:16:24 101888 ----a-w- c:\users\ashley\appdata\roaming\microsoft\4606\240E.tmp
2011-11-22 22:16:09 -------- d-----w- c:\users\ashley\appdata\roaming\T3GG44aQH
2011-11-22 22:16:09 -------- d-----w- c:\users\ashley\appdata\roaming\qrrrzOONtxAucSi
2011-11-22 22:15:55 -------- d-----w- c:\users\ashley\appdata\roaming\68991
2011-11-22 22:15:50 -------- d-----w- c:\users\ashley\appdata\roaming\RppnGG4aQH6sK7E
2011-11-22 22:15:48 -------- d-----w- c:\users\ashley\appdata\roaming\mFF44pmG5sQJd
2011-11-22 22:15:47 -------- d-----w- c:\users\ashley\appdata\roaming\dZ99hhYXwjUV
2011-11-22 20:17:49 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3510a141-4214-4d11-8627-a15ae38768b5}\mpengine.dll
2011-11-20 03:43:03 -------- d-----w- c:\program files\iPod
2011-11-20 03:42:57 -------- d-----w- c:\program files\iTunes
2011-11-15 23:01:48 -------- d-----r- c:\program files\Skype
2011-11-14 14:27:26 4335776 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2011-11-12 18:56:19 -------- d-----w- c:\programdata\AVS4YOU
2011-11-12 18:56:07 -------- d-----w- c:\users\ashley\appdata\roaming\AVS4YOU
2011-11-12 18:53:39 -------- d-----w- c:\program files\common files\AVSMedia
2011-11-12 18:52:03 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-11-12 18:52:02 -------- d-----w- c:\program files\AVS4YOU
2011-11-11 22:07:40 -------- d-----w- c:\programdata\Wondershare
2011-11-11 22:07:11 -------- d-----w- c:\program files\Wondershare
2011-11-08 20:00:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-08 20:00:36 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 20:00:20 707584 ----a-w- c:\program files\common files\system\wab32.dll
.
==================== Find3M ====================
.
2011-11-12 14:21:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-11 16:31:00 505392 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-11 16:31:00 353840 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-11 16:30:59 1066544 ----a-w- c:\windows\system32\MFC71.dll
2011-09-11 16:30:59 1053232 ----a-w- c:\windows\system32\MFC71u.dll
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 13:39:07 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
============= FINISH: 15:44:31.86 ===============

Here is the Attach:

==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 199.36 GiB free.
E: is FIXED (NTFS) - 11 GiB total, 1.699 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
6000E609_eDocs
6000E609_Help
6000E609a
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.4.6
Adobe Shockwave Player
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Bonjour
BPDSoftware
BPDSoftware_Ini
BufferChm
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
DeviceDiscovery
Download Updater (AOL LLC)
ESU for Microsoft Vista
Google Chrome
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Imaging Device Functions 14.0
HP Officejet 6000 E609 Series
HP Quick Launch Buttons 6.40 H2
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPProductAssistant
HPSSupply
HPTCSSetup
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 6 Update 7
Juno Preloader
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware version 1.51.2.1300
MapleStory
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Live Search Toolbar
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetWaiting
Network
NetZero Preloader
Nexon Game Manager
Norton Internet Security
Power2Go
PowerDirector
ProductContext
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Shop for HP Supplies
Skype Click to Call
Skype 5.6
SmartWebPrinting
SolutionCenter
Spotify
Spybot - Search & Destroy
Status
SUPERAntiSpyware
Synaptics Pointing Device Driver
The Sims Life Stories
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Office 2007 (KB934528)
WebReg
.
==== Event Viewer Messages From Past Week ========
.
11/26/2011 11:41:45 AM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.
11/26/2011 11:21:04 AM, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is YOUR-0CDC4F5844.
11/26/2011 10:59:09 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
11/26/2011 10:59:09 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
11/26/2011 10:59:09 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/25/2011 3:03:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the W32Time service.
11/25/2011 3:03:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
11/25/2011 3:02:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
11/25/2011 11:45:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service.
11/25/2011 11:44:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.
11/24/2011 9:43:43 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 66.159.147.218 with the system having network hardware address 00-18-DE-7A-2E-8C. Network operations on this system may be disrupted as a result.
11/24/2011 9:23:43 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D1A7D160-A066-4283-AA6A-D6E291EE1173} because another computer on the network has the same name. The server could not start.
11/24/2011 9:15:17 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 69.0.27.239 for the Network Card with network address 00242C1FC72A has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
11/24/2011 9:05:09 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 69.0.27.239 with the system having network hardware address 00-18-DE-7A-2E-8C. Network operations on this system may be disrupted as a result.
11/24/2011 12:55:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
11/24/2011 11:33:50 PM, Error: disk [11] - The driver detected a controller error on \...\DR1.
11/24/2011 11:33:12 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
11/23/2011 1:10:02 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.33.104 for the Network Card with network address 00242C1FC72A has been denied by the DHCP server 192.168.33.1 (The DHCP Server sent a DHCPNACK message).
11/19/2011 10:39:43 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
11/19/2011 10:38:43 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 10:38:24 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

The ark.text will be posted shortly after the scan is done.


----------



## Larusso (Aug 9, 2011)

Any problems with Gmer ?


----------



## vivalamusic (Jan 1, 1970)

No, just took a really long time.

Here is the ark.text:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-28 06:20:07 <--- I'm not sure if that's supposed to be there...?
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8FEDD640]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AC5F6FF803E4B3E49B1502C4AA2A17A6\[email protected] 1065027686

---- Files - GMER 1.0.15 ----

File C:\Users\Ashley\AppData\Local\Mozilla\Firefox\Profiles\9j1v10w6.default\Cache\1\14\40196m01 1361 bytes
File C:\Windows\$NtUninstallKB5054$\1120660564 0 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102 0 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102\@ 2048 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102\bckfg.tmp 703 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102\cfg.ini 207 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102\keywords 0 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102\L 0 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102\L\qnbwvoto 67072 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102\U 0 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102\U\[email protected] 1536 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102\U\[email protected] 224768 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102\U\[email protected] 1024 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102\U\[email protected] 1024 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102\U\[email protected] 12800 bytes
File C:\Windows\$NtUninstallKB5054$\4030260102\U\[email protected] 97792 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BUZIJKG\Q84CAFMC2L9CAKYMQXRCA0DSU2LCA0QA5M2CAWBGLNWCAOYD3AYCADZCY7DCAK24AHHCAYL24LJCAAA2BFOCAA2LZG9CA9FX8K1CAXJ3L0DCA8BNAVHCAFYW7MZCAES19TY.htm 445 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BUZIJKG\AFZKG00CA9JQYDZCASE0CAWCA5OG2LOCAFEO110CADM5YXECAEV1J4ACA2B6HB7CAEOSCOWCAM2FV7SCAWIJ614CAHGRCQWCAWDSXMLCA5W2NRUCAY3Y8XTCAPRM5W6CARP678M 4475 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BUZIJKG\naNy-PS2iP8[1].js 13997 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BUZIJKG\W4PCA36QX5NCAIH7ZPNCA3VFMWZCAWH06GFCAEWAD56CALIBY2PCA5QVWNSCASFTD87CAECWT8YCAL5Q3TRCAEKKKNXCA8MYZTMCAAQGI43CA9R13HOCAIBCLTOCASFMV7F.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BUZIJKG\AJ6FXDCCAVZ2TMUCAD7WVZBCAZ44RN5CAVHMEKNCALLYMJBCAJF7SXTCAZO7TN7CA7FQ0PFCATA7YB9CAZTWS0ACAH6Q87JCAVDK151CAMBUYQICAJES7BQCAONCAFACAV2W99Q 4463 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BUZIJKG\A0L54C0CAI481IVCA0UDR76CA32HD60CAGC20DRCAKT7RWOCA11KJCECAJU5F16CAVZTDITCAJXP27SCA0KWMSNCA3U7V4ICAE0QHY5CAZBO9LHCAEKZZ12CAMAQAL7CALU5CAA 1304 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BUZIJKG\bounce[2].htm 687 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BUZIJKG\3KFCA587952CA0CK9JHCAA51S8TCAHQXVCICA73YN1BCAQYQ46FCA9YAERICA0P7G54CAQU523PCAM5H0U0CATGF7QECABPPISICA86V5SWCADK906YCAP7FU7LCAZEWNZ7.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BUZIJKG\AT1WBE7CAR0O0TOCAKOL332CAJ7PAITCASK3NYGCA1Z28Q9CA0CYZKOCA2KJNVQCAP6K8JCCAWPXTXXCA3SAQHYCAF743V4CAGFF529CASD1H4HCA41M2FNCAQXF9CMCAQFPTVM 4469 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BUZIJKG\AT4977VCAVGTPEKCAMOZXVTCA8P2X8ACAFFW7AXCAZ2FL33CA8YXWGQCAICDPKNCAP0K3YXCAXU6C6QCA0W9Z1BCA0XA8ZVCAHJ5N5NCAHMA59FCAZ9UFUUCATYIYI8CAMY0D2Z 4185 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BUZIJKG\CHYCAMUDYISCA6FN6X2CAJE8GSOCAD8K79UCAL9OB13CAVXFKPYCAY9H9MSCASH2K2NCA3VISE0CAILQW85CABQ66CYCAFRZ2TLCAZDSQ7UCAGZTXD4CA4MCL2ICAC8GXXD.htm 791 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BUZIJKG\A19QVA2CAU6CK1SCAQY2DVNCAQLUP10CA6KKTVMCAKUQ1G3CAZGU1QKCAUTAGV2CA6W0OE0CAVARWVHCAX5U0PNCA08XI19CAX30YTNCAJ37Z2ZCA3B26RZCA8KQ5L8CAYNNJHJ 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BUZIJKG\ajsCABIK6UV.php 5213 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BUZIJKG\ajsCAL2QKSY.php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BUZIJKG\ADWMM1LCAL0IQF3CAOLKDW3CAVJHCR6CAY1V1G5CATEVOQJCA94WX77CAJA3FYECAZA2J0KCAF7S9FTCA7XG1J4CAUZJC51CA1CTGTMCA1SAZKZCALFM63ACA26WUD3CAMUJ8SG 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BUZIJKG\1YPCAXPEWX8CAQ0DN63CAQ1OC20CA4XLRB0CA44FRXCCAIPVSQGCANBSEOOCA5RI5JCCA64E92ICAMFWENICALRJN83CAHHOTYTCAOGMWGLCAK3ZIWSCAWAOB13CAOUU4I8.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\pss01_720x300_0408ext[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\cal-20216088965_1322426665,1240a875540b83a,ads,;;sz=300x250;net=iblocal;env=ifr;ord1=807950;cmw=owl;contx=ads;dc=d;btg=;ord=75102befde[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\AQ2G0J2CAQLNV6CCAC86D64CACSTP6OCA20FP9JCA7ACGPRCAUSSC08CA1Q53TQCAX1BLLACAFKZR0VCA81GO04CA7U2XDLCAZFGGTTCADNRC59CAH5NPUSCA84KFOACAMHZ4PB 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\APAEOPFCAD1N0L8CACGJIUZCAJO5XXBCAKAT112CA54F5KQCA5X31A1CAX440QSCAWKUP9PCA9EPZ2OCA6X4GUVCAEI7G25CAJ19TLOCADCCNGRCAXTANELCADATNWACAXJWFPJ 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\A7ITDGNCA10YIIHCAPKRQUQCA3FMJKUCAUDIJWHCAVEY421CA6M7P5ZCAGXQWRHCAXJQ7V6CA6KC793CAXAPDC2CAT801U3CAGT8HQVCABOPTU7CA958Q6SCAD1P6Z3CADJ34I7 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\AE4PFOTCAB84WL0CAZM5754CAJ7JB7HCAMKVQADCAOHN1MYCAE376DZCABMI7F2CAFOBDNFCAP40LGYCA2U9HIWCARI3BWJCA113S2ECAJXRT6ICAK8IWJGCAJT1H9FCAHNRCA8 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\AAMEHLNCAFDHDZLCAM5TEPOCA2477OLCA76E5WXCABMEIV5CARAMF3JCA4KOG7GCA48QECCCA7IX46BCAFI304QCAUFU9MCCAYN70GVCAE0X12QCAA6K0VWCAIRRLM6CAJKA9UW 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\ajsCAJVO3MA.php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\eventCA85DWGO.flow 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\A34K10CCAPOPPLQCATW25PVCAFCYN5KCA2KD8CJCALJIFE6CAW2WZ6NCAGKDXDQCAIAVQTICAJIFPJNCAEOOQZ7CAZ8MEX3CADHQ385CAQ5N6N1CAZ3TAFTCANZ7RYZCAH8MSKQ 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\ASIQ28RCAQ1K7RXCA04MK2BCAM1NSNCCA1UVQW0CA0DKEYWCAMZ67ONCADF5MLRCA68SXKECASPNP94CAX7QMX9CAYA6T8HCAYHIE52CAI015F6CAZE48DYCAX5RVSICA4VAH94 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\audience;sz=728x90;ord=0fcd98daa5[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\7HYCAN4STQZCAS0TYJLCAB55VSICAJR4Y12CAXNJYX4CAJWTA02CACEPNX6CATQGFOBCAYCIJOOCALJOS1TCAWHXCDKCAL4QQJ0CAFV3L8QCAZWHNS5CAS8TLCHCASOZL30.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\x113[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\AL53N4OCASEVMEGCA58NYZUCAWYOHX8CA3KWEG6CA75NWCICA5ZEV3HCA0ADYYDCACTBYNSCABOKL33CAR22BSYCAD77WUUCAQQNS37CA58JLMOCA4F08W7CAHIR7JCCAUQSS74 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\A82JXEWCAG6YR22CAC6P5J5CAKWQGVPCA3DGKK6CAWBOS5ZCAE9YINQCA6VR5INCAJL2HARCA20AO36CA84PIVQCAB0EW9KCAUG2O4SCABFA5K3CAHW9PX8CAAMJNFNCA3D2SG3 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\ajsCA018B5C.php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\ajsCA223D29.php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\tag[3].jsp 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\ajsCATWCCB5.php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\ajsCAMDHOIY.php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\A69ZWFRCAZP70S1CA12NKYWCALV0VE9CAH53DV2CA6GO4B7CATWN94YCAYS7X6SCAQNRBH9CA7RSK32CA3F2I5NCANVL4P0CA916XV0CARQYWI9CAIBP86KCARPAFPUCA09E13Z 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\A4J5U9ICAOOTBN8CAANJXHWCA1JV9NXCAYK5UQCCAOUJT20CA9MA244CAVESWPWCAKCYMIKCAVC3AH4CA5OO2H2CAWH100HCAVSTF8MCAHGUHUFCA7RR15NCA2L4FZFCAB55N53 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\AHWKJBCCA36215WCAF0LRI4CAICNWLUCA3SAGKYCAZ083ITCADK5V65CA1VM3TOCA4BOVTUCAW5B1JPCA2TR9U7CAECAL8WCAREHQYMCA5OSDCMCA12MIHRCA75B3URCA39JZW6 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FQ93YPB\AQC1DK7CA4348PFCA94WUMZCA196BHACAPPHXF3CAP3RJ2BCAHP1T52CAR00M7YCAYW4YMKCA28CVXJCA2MVYGQCAU5RQLSCAH5HO3NCA9EZ960CAXR05W4CAXSRGCRCA0SI2XJ 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\49OAZQMC\ca[9] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\49OAZQMC\ANLHGXTCAY7I84GCAAN1844CA2382QACAONAYL0CAWHKPBCCAYL2QF1CAP68E2RCAAPI6B1CADAST91CA33X1NZCAV1H184CAGL4RQFCA8X5SG2CA9W2XW0CALPQC7FCAXYMSDS 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\49OAZQMC\AM8PXBNCA0SL592CA8LH7BRCAF30Y6UCA0A8PD1CA44V6KCCAJ55DFUCAKABY0ACA1NHHGHCAFWX5HPCAP8QS61CAHI3H29CA8BGZD5CAZYAD3KCAB2BW89CAV2JBP9CAL70GJK 757 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\A7VTE5PCANX0K8VCA5P0C26CAWHU606CAFXICY7CAIQASS0CA3TQUPKCA8WXONPCAM2KYR4CA50ZK2ZCAJXUA0JCAH4SRU8CACKV0CHCA7199Z0CA6GEWN2CA1B6VW2CA7KRLKF 1439 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\a612395f84e2ccda3e2f95dde0511b7a[1].gif 17313 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\ci[1].png 1525 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\A3R7PORCA2UIO0VCA14WR4NCA9APHV7CAJEZGOBCAICB057CATONRHJCA51TLTXCATZ87YQCAJ6PVLBCAH6INKMCAEH9HJHCAF2U4BNCA52HSHTCA7YJ3AKCAWNZU6ZCAWIGKRE 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\AR5SGTICARL0D5LCATQAZY2CA9D5I1NCAAX1LCDCAMEEZDACA30B3IHCA4XJY6NCAYVJIJZCA1ENMQMCAVZX5YDCAW0OM7FCA9B3Y22CAORVZF6CAINCPRJCAE04355CAYCJY6N 4466 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\data_sync[3].htm 508 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\A06T0AWCAI80M9HCAUERA4KCAUQOZZ8CAEAUTXACAZ19JP7CAVQOTP8CANJLMTRCA8C55CNCAP5EKBICALN3HTDCA5PNURRCASA0KW5CANSK3WOCA2QM8Q1CA3B9G2GCASWFCQF 1411 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\A3G3IDQCARU8NHBCAXKXTVXCAZDTX4HCAQ41BWQCATYDLSBCAFV8SGXCA2QMFE3CA259W33CALE1YX6CA1AR5TPCA05XHTACAWDUFSICATDQEKLCAJZEJ3MCAC6RYOHCAHV5FP5 761 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\AP6BFE9CAX6B879CAE3E6WYCAX9GUVKCAV0C301CA9OITJOCADK6HDVCA4OIU2LCAXWO1MPCALD8N23CAN9YE6NCAYUGVF6CA1ERTV6CAKA23RDCA733W83CAT5BPVDCA94R91J 763 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\AT8LHQPCA8SLKZ2CAJYACJICAO9RFBCCAO5QH88CA6MT90DCAMCNSL1CARKW69ZCAKL6INTCA1D6B1QCA8OHZO8CAOHY9UECA68GZJ5CA6KDXC0CA9Z8543CAQL7KSICAGGOSGU 4472 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\ATQ04QECA4M0VFHCAFHBH0YCA0UMKOQCA6HJVTYCAPF1936CA9FACHXCACBP0RDCAXFFF7JCAMCFNABCABKJWI3CA4ABLHKCADTX923CAHGOW1NCAJL0CDXCAEMD39VCA1NXIU2 1037 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\adtrackJ96d70a01ff7d18e221e32fc459fa3166[1].js 8351 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\AD01TKPCAGL3412CABVNTVDCA7NKNVQCA0M1718CAVIWC93CA5M54RFCAOWUSCFCAP7Y5QVCA25ME2HCA5WWCIGCAWT61YICAK5XNROCAQ90QB6CAKHVUB8CASUKYZPCAWZG4MF 4182 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\AD0AVPWCAF8EJWUCAGO1JA7CA0HDD87CA6W1NTHCA7ZW1TZCAI0ZR07CAC74WFICAA2284VCAP54F3KCADKTAGRCAALEHI6CAWYY1KMCAYICIHRCA5W8XL4CAOSQ7ZECAXV1IJ1 760 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\sports[5] 3560 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\vh[6].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\AFSKORZCA2WNCA5CAM5DQ8WCAGHNXP7CA5LUI0KCA84DX1UCA756J0ACAPF7TP6CAJEP1R1CAEB0GYGCAV6S6XXCAJG1K6TCASC7PUZCA7SM399CA3HBW5JCAEAGJNCCAQPSAVR 1024 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\A8Y5WYOCA7LMLN1CA6ZWE6VCA1OZOC2CA5YW7FSCA69PEYJCALN6VV1CAL4KSUQCAH70PZACAOIU4ADCA0JAZJ4CAD91DIMCA072W8LCACHGR51CAJ1GW2TCAHVDTE9CA89707E 4457 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\AW0Z0A9CAE62FUKCABJ755BCA36MW16CAIJEJYVCA71EZFUCA0UISRYCAPBYH79CAYFM25WCAAT8O2QCABRY9UACAO62JFVCAHMH65ZCAUJD3AQCA1Q41PTCADF22Q9CA7RGL50 1019 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\A1O9QMWCA4DEN1WCAX1VOA4CA1NAVFPCARO0TAWCAXI0HR4CA2WG34ZCA0ZLY26CA7SE4SKCAJLIPQMCAUWROWMCAPN2EVNCAZRNSS1CAXMC5I1CAXXPTT3CA8XOJXBCASHFF1R 763 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\ACKWLN2CALHLZ93CA1WWZ1VCAAV9WEUCA76JU4WCAED0I0RCACARL5SCACPEFLLCAFD1DYDCA99KHY8CAWEND9KCAYPF85NCA3Q0NTUCAMI6FVDCAX2SBPHCAVS8QOPCAK2Y318 1401 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\A97IF3XCA250HOLCAJA6ETOCAQ7UJ9TCASBX1YRCAICZEIOCA9A6DN0CAO0T70CCAJKRD08CAOPT9RICA30W66GCA7M0W3XCAWJY3N4CA02OS8ICA8SAQATCAM1RPYWCADD58P1 895 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\FB7CADOMZ45CA1SYNKOCAKTGDE2CAVC0P1KCA65LGNHCAXGFV66CAVUWXSZCAHHB5YACA5N157GCA0A35STCATIUEMRCAEN0U6ZCAEWTDK9CAC7BF7NCA41G4HICAEMZ12I.htm 523 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\ajsCABTX70Y.php 4121 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\ajsCAEFA6BC.php 5010 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\ajsCAFVR6DM.php 4093 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\ajsCAFWEQID.php 5048 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\ajsCAG6R4T3.php 5199 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\9FGCADL32FTCAGAZLI8CAV5T42KCA4XOFG7CATKJKNJCAY2HVVUCAUEV3R9CAR1SWV6CA1Z4T59CA6350DZCATBNHAXCA4JT95NCATGOH9BCAT5E91YCAJTJ1FUCAHOAB1I.htm 659 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\AUZKFLGCAQMTA7VCAI9NK3MCAQLI1LFCADSVOTRCAG6IE45CAR68BU5CAQS7B39CAP3F0RACAO314L8CA7P3NILCAQHKGPTCAWOHBFUCASS0HPDCAPYD8QVCAFWG2SJCATUVFTO 424 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\ANZTF0VCATJHNTNCAOAIMS1CAJY7PJMCAXJO452CAWWUE9TCANCNGM9CAD3HIBSCAN6RH61CAR7KMA3CAISNIATCAYIKZRMCA8V033TCAPGAXS2CAATU9BJCAMBAVISCAM7XEWK 4184 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\A5DOMQ9CARRLHI9CAL0OORFCAJYOTKXCAKP6FC9CAS356UFCAXJY5PCCA0R2DO1CARJS8TSCAMKT0J5CARU07SZCANWVRVFCA23DH3ICAHYACD9CA3RRUZ6CAPWDUH3CAZP37UC 379 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\AGEHUCKCASZHXD6CARCDGO8CAYFSU4ACAAZNLANCAO5V09PCAO97QKJCAXOO1LHCA5C57XQCA05524UCA5ZPDVUCA7HF93ECAQHMRF5CAOR0LBSCAJRHBV4CA3365PACADIM9QY 1415 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\audience;sz=160x600;ord=e5131d2201[1] 437 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\audience;sz=300x250;ord=3e351ce8fb[1] 437 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\AUEYBM5CA3GOAB6CAKL32SLCA48VLXHCALPI531CAEJNQPUCAAMZ83ICA3GJHAYCA2R538JCA5HHGLECAUWK5L1CAVNR1VICATF40BVCA83AAAHCA2KPN3SCAIY7QXTCAMWO6C1 859 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\acbj[2] 882 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\AH4JTK1CA2AAHGJCA8FH5W1CA5PVSC0CA4NUF1ACAVD5BN8CAN58ZI8CA1P99HYCAEO3BV8CAFP3X1XCAWOZ2YTCAKPIXCZCAEI64RKCA1E7TS2CAFT47U3CAYC47OUCAI6RFHY 1314 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\A3HJLRLCA9QOI4CCAA371P9CAKA1SSVCA509M64CAIU8ZMHCAWR9MM4CAZILE7CCATOIR7FCARFPE6XCA17GHVKCAWNR1TOCA1LYUQFCANRV6DECA4DBULPCA233ZBDCAE0FKZO 4475 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\A3MNHBECAMHTF82CAALSUWVCABVA4GWCAG7J36YCAQT71RUCATJ69GICAMEQCYGCAKJFPHVCA7ENN24CA94GHXXCA86ME7RCAVU0SYYCAURXP08CASCX668CAMPV917CAQD0YZW 1047 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SPMBM3M\YUPCA55N2PJCAOMWME5CAY6CTDDCAFQIRJ8CAIU580OCA7NPSXUCAMJU8S9CATTV5ZFCA6KJ8KUCA7OLFT5CAKEZ047CALO09T7CA3EBYCQCAZ5GU3QCAKZQBG3CAFL045B.htm 290 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\json[3] 28 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\json[4] 28 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\ABTELNNCAP7N8RWCAYY2X3DCATZPX81CAQLVHRNCA6T1JA8CA49GLQYCA3SNRZSCA791PV2CABCB3FZCA7DFDC5CA5HFOHRCAEXZDDUCAICOEYQCA98BB1VCAA54GARCAUDGZID 760 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\DZICAZB5N9KCAQRC58DCAH1XZODCAVAUDZGCAOPK8Q3CAZJZAGQCAWHENY1CATT3Q0CCAE31HB4CAYZITTXCAGMWPB7CA7O1THGCA6J5GR4CASW83TWCAPGZJW3CAFVURF7.htm 1603 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\mickle_tier2_atf[2] 1402 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\display[1].htm 8322 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\FFMCAWZM7NICAOAZUJ8CABMYK0PCAGSGWW1CAK4PE10CA1RYY8RCAQVIGIACAJ236EHCA1K1TYRCALC7T87CAEXFYTJCAGPB2R6CAQD639QCA4K9THMCAN57C39CANJMB8N.htm 507 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\aa9346b8c886174e9c84e7c75d4b0176[1].jpg 27299 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\ARHTLOOCAULEUELCABH4Q81CA1DQ4SGCADRYYV8CAIM4RLNCA1RXL1WCA26QL5SCAPHTPZWCAABK9T1CAIAJX01CA21RU9XCALDUHRGCARMKUATCA65T8OYCAFPHSC2CAY3ZE5X 1420 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\EE2CAGCVB56CAS1VOI8CA55J9RBCAHCCMS2CA2KPX6YCAEVF23KCA2RG5VACAPUOUZ8CA8VKE69CAY2X6K5CAXL9XI9CAENRC95CAQCQT1BCAO29S33CA5UHFCPCA21YI0Q.htm 739 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\visit[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\WLPCA9GPFFFCA10X7OJCAN2N73ECAZKEMNRCAWS95ECCATNCXGNCAWZ1IU0CAKYW0YLCA8UA43LCARPJ7PKCAQTCTWHCA79YM6JCAMAD7MHCA8HP2GNCA1RVF9ICAURQLUK.htm 867 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\ajsCA7G8R6M.php 5207 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\ajsCA8B97Y0.php 3613 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\AUKYDSUCA0FBHWLCAUD7RTYCA73CGA5CAYY59V6CAPAQOWOCA0OBIYJCAANHK2KCAL6BHPNCAK6SFDDCAJ333U3CAW88YRACA20VCVNCA7WVR4YCALDV0WYCAJK6LVACA6RA8G0 900 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\48f2a1e5acd06b7d92fcfe166036728b[1].jpg 3647 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\aT02MixzPTcyOHg5MCxuPWlmcmFtZSxiPTA=[1].htm 532 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\j[4].ad 372 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\A3ZJFX8CABUYW40CAI677J2CAJU78JWCATR2N31CATYXFYCCA3ZI8EZCA2EIGIOCAZHTGI3CAF9MHDZCARAUA46CADW0CWZCAS6829ZCAPIXYIPCA1YB4AZCAEATSY2CAAJ3OY0 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\AVLMVD8CA7C12WLCAQ9OAMSCAE0QJLHCAIUE3LBCAAA1B5YCALB4IN7CA3Y6ZJQCACIYR4MCABBD0C3CAAL7SAHCAF58501CAOKKWTMCA9K7FPPCARGJLY2CA1UT533CAOORV04 768 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\2H5CAKZ8TDCCAW5XZ1ACA38SXNHCAK6EUA2CAD9KYZDCAYHP8B4CAC4STU4CAQ0VW6QCA4X4NMSCAN1D8BPCAE2E8BTCA0G7SARCAKKTVJUCAGOH0JSCAFF52GDCABJOBMC.htm 542 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\AU21YR8CA4LKBRACATTU5O0CA6B9GDSCAHNSFJ7CAODVDHYCA54GZ2NCA7IV8FJCAGL0ABICAZMC00XCAAOFUN4CA873N5ZCATLSOA1CAZ0IOPACAE0WN05CAM6IP9OCAW6PG4Y 4460 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\A8X0GFICA9OCZJNCANB4JTNCADKIJ13CAG3ADV9CA3OBOI6CAJG3APVCA6K1QW1CAS03IW5CAJB7SPFCADYOK3CCAA66DN9CALGMACPCA3WQG0KCA7QXQ3WCAFN61HGCAVU8D4I 4451 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\AVJY7ZWCASGY44CCA4F4D2SCAI59H2VCAARRW88CAMUE67XCAU128E8CA2429W4CAJB4OSBCANYTWO1CAB3442ACA5SE3QLCA412CWLCAOMAIQ2CAMNTM5SCA954KETCA0X2KWV 4472 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\A6SX3V9CAN1OI7LCA0JBBMQCAY3ICAVCAU6XILLCA8MAPD0CAYWR7SSCA0LE5KSCAINJWG3CAZGPANYCAA0VJKECAJZNGIRCAXRZDL2CA59NRU6CAYXLJHECAMW6WJVCAQ6K2RN 757 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\afrCAJQJNDJ.htm 1633 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\AFAF8O5CAALDGOGCAG455VOCAS0AL4QCALU82LSCAV3QVQ1CAUTY08ICAF93O53CAA2SVPDCA1WDMENCAX2BH0ECAG73PT8CAY6ZB4MCASD2ZC8CA6ZO774CARPZ0UKCAWB4OK1 928 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62DP53MA\AIMGJMUCAFHIFWGCA4LJWXWCAGPWRHZCA859N74CA9X1XU0CABYP324CAHGE3BMCABJ6J72CADHPCU7CA3ESE8ICACSV9L7CAP8IEZTCAFF17M1CAO1G6U6CAUZMFSTCAD1J41Y 4457 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\PID_1827007_SpiritOfSpringfield_300x250_r5_fl[1].swf 58965 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\clk[1] 38812 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\QGCCA8DL03KCAX8Z1DZCACC2OX9CA4VZK9PCA5ISX5BCAGKN0JACA6P4XXPCAUGRH6YCA19OJ7ACANQ8KBFCA1R4Q3RCA1TFYELCA9H1K7FCA3W4MJ8CA8Q36PFCAR3PHXA.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\A7B3K8VCAS8L774CAU472HECAFACEJ1CAC33NSCCABGCE6ACABWZJAKCA4PBXSICAJQLGY5CAW1CA0LCALMON92CAVCBYI3CA0BAEVQCAUWPFG5CABLE1AMCAK6JPB3CA3RAMOH 914 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\15ZCAQPUT18CATTBRH9CAN90F79CA2HUHF9CAI8OVV1CAH7SHAOCAY1R1EHCAFSMO9SCA0DRRNBCAWWH6RPCARPJO8OCAF0SS2YCABC4F1OCA5FMZNLCAAYNV2XCAPAHA5U.htm 69 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\ALZ7BMCCAU8MIISCA2APYSPCAU0KR63CA932I86CA6VNNQ6CAG85FCNCA3TFQNVCAZDX2STCAXI0LQJCAH5HP3JCA75XB5OCAMQWDSPCAJE1N13CA31VLXECAQUJMW0CAOVL4AE 1400 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\A9X9ON7CA4V1N9TCAM9PWXZCA3DC09YCAAQ1SBOCA7HJU6LCA6E4HKVCA084B5ICA3NDDSGCAYCV0PACAG6456ACAE1E3XZCA8MO5EVCAVCW3K3CA961VE7CAT2YGM6CAMINVF8 1861 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\AR52Y25CA12888OCADOJPK4CADA5ICFCA0CYW0NCA2H07GPCA7LNIW2CA8V1HMXCAQCPBAJCAS9OT52CAAT7H4SCAUVNIH8CABM9OR9CAA15TRXCATZOY3HCAZD8N98CA3UK9TS 4469 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\A5N1DU7CALXQ09ZCANC3REFCA6DCQFBCA6FV0L7CAOMZO9BCAWFVV6YCA0PZXLKCAV40ZX4CANU38R0CA6U58X4CAEOMP4RCAITX2K3CA7TY9S6CAMV720ECAV2IZ34CA8T2YO6 4466 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\ATWREYCCAI62YSZCARYISYLCAIBTIG7CA09HR42CAARKFH1CA5ZL20VCAA8B0I1CACQUNGBCAXQ2QYDCAGBJVOSCAEI0KYRCA1C4X2QCAPAYNM2CAZX2QU4CA2AX679CAD7V16G 4184 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\AdServerServlet[1].htm 1854 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\AdServerServlet[2].htm 2703 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\JS[3].htm 1358 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\AEM12YOCAIQ2ZU0CAMQK1WFCAP1CH3RCAVRLFOBCA3OZ6P6CASYKFYVCAI4WH8JCAH4WABOCAK8AEXPCAV3AL34CAU54T6ZCA5MD2UBCALC5AOICARZ4OF8CAEM6X1ACAOQE094 893 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\A856U0ZCAFOX05ZCA9JFVV2CAOHMEU2CA2BJTBHCAR0V596CA9GPNETCANGPGT6CA82KHZ4CAP9YX9KCASI0MY6CAKW38CLCAA6WIL0CA0CPW9FCA9LKI9CCA7EWC8JCA1H43Y9 901 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\3SDCAZ42TUGCAJAX98NCAEDAWJUCATU5JUMCAC1EEQTCAUT0C4TCA6WQSZUCA7UD5C7CAGD7N8ZCA9RIAN0CAXL7ZVGCAG7SPCVCAN31PNGCAPVP7Q6CA7BE2ETCAINU5AI.htm 499 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\audience;sz=728x90;ord=c9e5d49459[1] 436 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\ajsCA8N8ZMA.php 3881 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\ajsCAEMURQA.php 4076 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\ajsCAF5Y3AE.php 3557 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\ddcCA1OJJKH.htm 11257 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\AMTRX39CAWLN4JTCAHLVA85CA8KWG85CA717ORYCAWB0M7GCAZ6SG6QCA3VGRV4CAPFOS0YCAL0LLM4CA3507GPCAIG17S3CAFYEIB3CADUZC80CAMKDLN2CA1TRXYCCAXKE4NO 1292 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\AX47J0TCAVP0IZICADTF0OGCABBSTPHCAYB4QQ3CATJBS88CACA9VAICAF5TE66CAPM7U5ACAES8DUTCAOELG0JCA249X6JCAZGDX01CAZ0WQI2CATRDSUFCASAX6MOCA2B147R 892 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\ajsCAMSV78V.php 3872 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\ajsCANG31DM.php 5189 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\ajsCAZJ6BE6.php 4000 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\V66CASPJ1HNCARFNZ7XCALW3KGWCAA3QSIECAF9LFT6CA9H7IOKCAO51CTDCATNLU0ICABDJVC9CA0X9OFKCAB8UKOKCA0N1ZZPCADW1FVECA48YFPLCA4QKFKACAZEE5J1.htm 444 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\AHRMH3ICAP8VRYWCACPD45ACACHO0JZCA114FQGCAY4XRDBCAYK3YD6CAC0S04XCAK57MS9CANBIQEYCABDFTLKCAULNJAWCAK44H8XCAG5PG4ECA2QOEL8CAPOFUI5CAT6P1QH 4469 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\AHA64I9CASFXUAUCAYO8FQUCA1I3XERCAG7923QCANYHCAQCAAZY5PUCA6KHIGECAHJBC1LCA6CDX91CAWIPIEQCAOMZ52WCAW7YKYLCANWM5E2CAOLZXA3CA8GQC3QCA71XZU5 845 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\N9VCAS62VE1CAC6T606CAV3TDQLCAE2DB87CAATRMA1CAL0E3CTCARSV3VMCAPDGSNFCAKJCYRDCAZRC2K7CAV0B5EUCABRNIKPCA738MKFCAJOE4Y3CA8SYF72CA75U38B.htm 792 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1YAE5D\SNNCAP87MC3CAGIEW33CACLEB1RCA5LTQT5CACYE5QOCAD9EO5ECAQ3A1PLCAX72JN8CA35SAD9CAQCVVJLCA7XBI68CAIQPHWBCAVHVA2LCAAZYKG4CALIXS57CAU1WMTW.htm 69 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4TZZCPE\background_gradient[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4TZZCPE\AP52UP9CASK1MP5CAZXOGMTCA208R98CABNFT4VCAXC15GJCASP46Q8CA6OWXOECALJQPQDCAYL2JBDCAJGDPBRCAGYQBX2CA3C0BQWCAL8A2DXCALJOOP6CAAI8NTUCA11ZV7X 1304 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\AZYWAWVCAQ22X2CCAA5LA46CAZKSTPGCAHQ2C45CAMLA35LCAXFZP14CAX9VZ48CAW58MVPCAJI9N5CCA82W79LCAVSQSL8CAZZEDNQCAE4IRK8CAEOJIC9CAYQHES4CAHYFTFB 1860 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\json[4] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\jstag[1] 1454 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\AG0B8UXCA1QVPPECAFLIT6BCA07V9SMCASJUQ3HCASFKCKQCA91G6ESCA0O0888CAWQAGV5CASO5ZXOCAY5K4TXCAQ89BN4CA6G7PJ6CAL3QLY4CACFO3HBCAPAPAGVCALVRPLC 753 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\x[1].gif 44 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\A5LHV3HCA0MC93CCA3VI7T6CADOJHXVCA3F78U0CA5HVKSZCAPC31YQCAS3QUXBCADRG79MCARTZC52CABLLAN2CAJBB8R6CAYY6R0ICAN7LWFBCAI2VHAOCA5XMZS3CAREQ7U8 4463 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\AYOJRTVCAWRLFMHCA5LJTAXCATY8TFTCAI12M35CAP7W2YXCA8VJWG5CAZV3894CAZIE29RCA0KDQ1OCAGUYNGHCA7M15KJCAHC0PP0CAOV1RP1CA17X046CASJST1NCA1LSQEV 165 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\A9XBN09CAZ974F1CAHAUICYCAPIXI0HCASD8B3ECAARUY2ECA45NXAHCAKIIPTTCAB00VN3CAXJAWQTCAQJFH0ACAZ6PA3ICA1OAMJZCAFW9OIHCA74EJS0CA3DHWMWCAFHWZK9 893 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\AC6FPMMCAQAHXHWCAMM17CPCA9QPZDWCA1JTR40CAE19LH2CAV4AQDWCA8DBPPICALI2UTYCAPW0NHZCATMZ2GFCAEGC0GGCAL8RLE0CAP7T41OCAJ7M6RACAK1DDO2CADRC4IX 1545 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\AC91PPKCATY6BXYCAKUD2VSCA3KS8TVCA0U8FG1CA0AVJ9GCAFG9PJ8CAPN75MGCAXZVGS8CA56L9D0CA95IB5MCA8PK7BLCASKRB04CAUMK8GDCACRY509CATG8ZT2CABB5E3H 764 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\5VRCACY90LYCAH41D56CAIS55CLCABB3U2ECA9KRT6JCA4L5BP1CAN060DHCAVAJ6ZOCAIBBUROCAWHZ0TUCA8RMATKCA1GDUYBCAEO02QICA1600BSCA0G86WACA1W7BNH.htm 507 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\M3JCAT28QHVCASGPKD8CAPDICJ1CAM5VO23CAQ0FUOSCAY17F70CAB80191CA51CJDMCAGVO9O1CAJTXANHCAKL0D1ACA6OMQ35CAXRJQQOCAA4LL2HCAR6GMFSCA09ZYEC.htm 507 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\AJ77ZJWCAZY85WNCA5T66VUCAKY56S3CACUCB5XCA81EVEFCA8JFOQ9CA39WGL0CAKTIJCJCAW46WGBCAIIWV9QCAOM6DFTCAIMBLDYCAYC1U30CAK2538XCA8HOAQSCAPLUJ9P 893 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\AKTRBQVCABJ0V1YCAMWEPL1CAOQRICNCA2BQVVUCAAIW3Q4CA2BGQ2WCAWQR5VRCAG6LJ0ZCAFGL95OCAC4CW5QCAGTGP38CA2KZ0SNCAZHGVK9CAY1ONG0CA1YQ0Q6CAURV0NY 4496 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\audience;sz=160x600;ord=ece1a9e3c2[1] 437 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\audience;sz=160x600;ord=f3d88bbefc[1] 437 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\user-match[1].htm 11 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\ajsCAJGD3GB.php 4290 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\ajsCAN7JXTQ.php 4238 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKYYBN3C\ajsCA6TK4LC.php 4216 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWFNATGS\httpErrorPagesScripts[1] 7579 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWFNATGS\AN1KXVXCA814J2KCA5DTO83CAJ311BHCAPKYHV7CA3YFT4OCAT3AEDOCAFKEN0OCAXN5EUJCAGWLRMKCA7CDU3SCAXZ27KCCADTRFQFCA37DP1OCAASFL7KCAQIWOWWCAZWPON9 897 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWFNATGS\vj[6] 2342 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWFNATGS\146_185_250_210[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWFNATGS\AC5088LCABRNIOLCASU512DCAGKTLHSCACJ0JM1CA76OALICA0SHASUCA4XRYJCCAZLMRF7CA6PQJKTCA4S6P9YCASENNJNCAIF1G8JCARCQKCECASK7HZACA8CWGM0CA6BC27C 1861 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWFNATGS\ajsCAYHBWSO.php 3890 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWFNATGS\ros_partners_affiliate_896731[4].htm 1302 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWFNATGS\A24C0KMCAP0YUY1CAMJT7I6CA04ZQFSCAZPG939CA69KXZECA7EOUDUCAR40AESCAS9ZUD8CA93RT4LCAW0HLKECAM8MWFICAW8DP5OCAEQJTVTCAP4CDWHCA9F6KCRCA4N38JD 764 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWFNATGS\A4PN2LUCAT42X8GCA0YLAUWCAWHKXTTCAN34GFLCALFIGP0CAYXQPQPCA78F0J6CAB9AY60CAJOLDAYCAQ2UW1PCAJ9C17MCA69V6JGCAF4RKQYCAYNG6Y0CANS40KXCAN0QXT0 1860 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWFNATGS\AEBQ3B0CAMDUNRVCAOF11XFCA8XCWA9CAE0VME3CADQ4ILRCAWTXJCECADBUXRJCAEQT1PSCAD31SQSCAU2K0OGCA1B9Y4YCAP8OLH4CA55HCBECAW5H0VLCAZJTUTVCA21LRJV 898 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWFNATGS\ajsCASYXH96.php 4250 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWFNATGS\AL7UTL4CA9DX5LICAR9RG60CARPZUM5CA877EDCCA4PJ0UOCAUHGCFTCA82HSYICAZG8WOJCANKMDCSCA8GYVQQCA3NAK8ECAMBSBVDCAOF097XCAV2FT0WCAGH7PCDCACWYSK3 923 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWFNATGS\A3D9ZBECAOEPEXICAXAMC3ECAC675D8CAKNGYSHCAP1JZQWCA5HH0BQCAYN3KLFCA6SBYQCCA2WGQAFCAW7OWULCALJZDNHCAJPC17FCAWKGK79CAC3N4VKCAZDXUKICAD2H4PP 1861 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWFNATGS\AVEDFUNCA6R97RMCAVWN98QCA37TSEMCAO1VJ1QCA5NP98PCA1S1I1KCA2OS8NSCA99OLC5CAWMWN36CAKZWJ07CAYXWSGXCAWW558ZCAG4HK76CALOJY1QCAI017B2CAVZR1DK 1861 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LWFNATGS\audience;sz=300x250;ord=7414e0edcc[1] 437 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM1G696P\aT00NCxzPTMwMHgyNTAsbj1pZnJhbWUsYj0w[1].htm 545 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM1G696P\usersync[6] 155 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM1G696P\admeld_sync[9] 181 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM1G696P\JYQCAUR2FZVCABJJQZSCABUFJYZCA6GWQT0CA4RA209CAKG06MMCANRNOTBCAS60VZ3CACJC305CAI9H3BUCA4VOWJGCA9Q4H63CAY48343CA4VSHRUCAZBYG0XCA6DGDT4.htm 444 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM1G696P\AUE28IXCAQO46LFCAA5M4XTCAGAWFEBCA4UDTIKCAW485NQCAMGTYO0CA2PEV9KCAU5T3UXCA1T7TTYCAN9N30HCALZS3T4CAAEZLF4CALSFDO4CAZARMD9CA6QG3V7CAT2Q3WP 1303 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM1G696P\AY280HOCA9QH8H8CA2NO2W2CAAJZ92UCA1FWMLCCATOLX0HCAI1OJ05CAOA5E7XCA0XKVCSCALB703QCA8O4IAICAZ53UJCCA2NHDAACARXT9BMCASJC0W2CAA5KDRECAZ6QYES 1860 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM1G696P\ddcCAIP8QGA.htm 11257 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM1G696P\A9MTHFXCAZX27QACAB4JREZCAP72202CAWCJVWWCATMP9DYCAPCNH6ACAY1EA6HCAFXX2EPCA4HYXUNCAA96HE8CARMKOMDCATVPQDSCA5JTYEKCABG45Q2CAUZQY39CAYNK9WS 891 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM1G696P\ajsCAK815LY.php  3553 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM1G696P\A0J4309CAI9322DCAOEZTGPCAXQOVQ3CATJYPT8CAII0DYLCAAR73W2CAN0PMQICAGA0D1DCAQ38EXFCA0TXM8DCADUHBJWCAN5O9VUCAF064YECAVJ1LKDCA8Y2WS4CAFYRGWU 1301 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM1G696P\aT02MixzPTcyOHg5MCxuPWlmcmFtZSxiPTA=[3].htm 18 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM1G696P\pixelCAA3U8I4.htm 343 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM1G696P\ajsCAF5KOC2.php 3611 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM1G696P\ajsCAGM1N6W.php 3883 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM1G696P\ajsCAPGM5UD.php 3926 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P289T1B6\11198a[2].swf 4734 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P289T1B6\ACBZG7JCA2TNZ67CANLTINOCABVRNB4CAAHP41MCAVEBFK5CACDMR5LCA0YXJDXCAV55EHPCAM5KIW1CABEDTDOCA5T5JC5CABFTPB3CARAAQQHCAE7SMJBCA4UQJO8CAEA6800 1318 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P289T1B6\AQWI5XUCA4AU4YQCA4QUQBACARZPXFSCAGLNCWGCAQJ2ZWBCAXON42CCAN76902CAFC03QOCANCLZYVCAAYIEIOCADY5RKPCAT59HXDCASJF6O9CAIOXPCECAXMXSHBCABZOO4Q 660 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P289T1B6\ajsCA37NLVI.php 4219 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P289T1B6\AXRVB8SCAEOIT82CAT7421UCA18MOABCA38Z0E3CAI7TWFSCAIDTKQ4CA9TLZHNCAYA2FAACARQUX15CAORQL1OCAB5P6S0CALYCHGHCATGPPOXCAXS0NP5CAM3ZYJNCAROBEF0 760 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P289T1B6\EZ6CA4A5OY3CACMSFLTCA2KU3UACAQF0JUNCAEWT37KCA46R92LCAYAROEYCA8JITBFCA35VZPPCA231LGSCAGNSQ5CCAUDY29ICA8AM6S2CASKSS2ACATH7DFOCAUCUXBQ.htm 525 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P289T1B6\04KCA2ZQSJ5CAA2GHHPCA6GU4P3CAL6G0S8CAQ5CX4ZCA67WJ7VCA7VTNFJCAMKWAGDCAHS1HWZCAM7MO3CCATLPW2DCAOZKL8GCARLVOQVCAQP2GLLCA9EBP3VCABF3YUY.htm 1299 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P289T1B6\A32NHKFCA7L1P9QCAHB1TNCCA25SVX0CAUAM7LBCAIJGZM6CAR7VGSWCAOG1KT4CAKKJLRHCA6UJM7YCACNTV0CCA6CYVGACAZVKC30CAKL78HZCAY9Z9CACABQA29GCAUEKUPL 4475 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P289T1B6\AZ6SHP0CAJW5VC4CACGK3VECARZR5YYCAUT9OQICAOWGXBNCAO1MGUYCAL2MNVECAJHGJUHCATKF0XXCAFQ2D03CASK17COCA31L9TRCAY8J9YCCA1JVSFTCAVCM6WMCAOGG9SP 1622 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6W8417U\3d4f128023178ebe4cc1d66bbbef81b9[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6W8417U\sports[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\A1JXQGJCA1EEEU1CAL1L54YCAYSR9EPCAR83C73CA4CM75UCAMZOX82CALQEG28CA2JK0EDCASHM3A3CAAJAVWSCAOFM0D5CA583IF7CAMLVJ0FCARV7H31CA08560TCAF7IP1O 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\AGZ8F6ECAK9NONFCAGTE9D2CA1VBZJUCA4R2DV1CASEWPETCA7NLEB8CAZNREMSCAAV8ZYVCAW3DHI4CAB111JRCAETDT5KCAXY935BCAPU3UGLCA2K0DCJCAJETRXVCAEEC1P3 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\69c4a1bae31ca8b248b1356748367eb5[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\AOJID34CALSTS3YCA9X73QUCAYI78HECAVFWYCLCA7YA26DCAI9LTZHCAJLX5XGCARQ97YZCAQQED8DCARD1QSMCA73J50ACAGWH9L0CA4B6THXCAW8R5PMCA2LC1XWCAU9BOKO 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\AICAXR2CAQZ0VETCAKT4SU3CAHFHSN9CA9KNTGKCARJHQ3ACAVEHNYRCAWHCNKCCAUBB7ICCARDD1RKCAAGT1E6CAGD3207CAY70ZHLCA0VQ5N4CA45SD6NCAYFD3C3CA9KF1WI 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\ad[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\BGYCAIKQEQPCA3NGWXSCAPFROISCAS24633CATQI4VHCAMEJ1X9CAEB0KONCA4CHXEPCAN44510CARXFZ6PCA6JID28CAVF5ZMHCA2H6ODICA1NR9LICAMEKIDOCAE2YS6Z.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\300x250[10].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\TRVCA807UBECAI63XU2CAX3DTSZCAWCCQRECA32JGTECAET9V7JCACU5R72CALBK8HRCAWNCFCGCA0GKJDYCADCMJPLCAMPVFELCAMGQ8G6CAYAZ5ZNCAMMFB9MCA2DCCH4.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\AB22EQ2CAYWHLIPCARB2Z0RCABVWIT0CAMDD3YJCAJDJ60OCA4M5VEQCAYLAJNCCA0LQH21CAG6U24TCA4JW3YTCA1TSP06CAT6E6B7CA052A6YCAI1ATBICAH28J7JCAITGWPM 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\AURV4GDCA0HQ0WTCAHL95N4CA02Z1AKCANE2IE0CA4DGVV9CAOKZ17GCAF9OM1ACA3YTVKBCAKI1EYVCADYYLXMCA9IF5NZCA5QF20TCANVOT0ACAQ1KTP1CAK29YUFCAY3RGBE 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\AKSO57QCAQZ83IKCAMRBJ0WCA452RI7CA3SFVZPCANWNDWRCAYIH63FCA4K8GM3CADRXSTRCAYOIAH9CAE6P4JTCAK5XEJZCAKBTDSECAM7MFEHCAI02B7GCAW7GIKMCA3KQSEE 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\11273a[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\A54F3Z8CAKTRX2OCA0KX4YPCAI0A2JCCA6KUXLWCACUFKD7CAH77IF5CACE015DCA0EEQMXCAW2FLA8CA7N6SA3CAGW23LKCAYWBZ2QCAYVGL7DCAPOGVZRCAI0HBUGCAEBB1W0 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\ajsCAMQZHCQ.php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\ajsCAZB5Y86.php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\AYFQT60CAM2NP2UCA3R3U8XCAHIG9C0CA08SE0JCA7FJ98ZCAAFH2OSCAUJV59PCA3G0AY3CAKIJM56CA9W5WI0CAYUAPF3CAA9KQQECAJL7VBNCA0VCJW1CAGTHCIRCAI4YVH2 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\player[11].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\AXT271DCA3J4K5TCAGBG57ICAB8FUY4CAASN8OMCACI7735CA5NSHKSCAS8Y50ACA721O23CAP1AQZJCAYSX2ZVCA48XOS3CAZXLNDDCAWLPAB8CAW38JSGCAWG06JACA32EAO4 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\AXU08N2CAGKBY92CAPF9IRPCARZQ8ATCA1O0ZQBCA1W3LK0CAZGXYA3CAHVVSKDCA63165OCAIAO5P4CA10IDBVCA488WGSCAYKPU3YCAAAN0B6CAIX7A74CA4E2X22CAMPR5PA 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\AOV12SCCA3LHB1NCA33QTT7CAI4HHM0CAELBF8SCASBBMBACA5AENRACA4LN3YICANNDR6WCABQI4R7CARYOHEBCA16PUCQCA636V4JCAQXMJJGCAT9X1HQCAD6MCV5CA7J7SV9 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\AOLUGLSCACB2U7ZCAIOAKLWCAP1DQINCA4X9A7UCAG0XC7FCALK02CXCASOHO4PCA7XQYVUCA2ZD37TCAFZRH3YCADOFSQ5CABK0JUVCAK813SJCAIEQ2EMCAMP7BQMCAWEON4B 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\ajsCAPYK3ZY.php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\ajsCAR1W64L.php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\ads[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\ads[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\AMPKJSBCAB56201CA88YLSMCA0F6J0ECAR7BI8RCARIL151CAAIK4Q5CAQA1T36CAAOXIVICAKV3UJTCAJZYXAHCAWLL2C1CAEZNCEICAPQGONOCAFPPNP0CAJQAPN3CA1H6876 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\ddcCAFO49XZ.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\AXI2HVECAGHMHZMCARI0CS6CA3WJX7PCA2AWP75CA2XTNQUCAZB1QEKCA19XFQVCAL8PZHMCADY94ZJCAC2QIC0CAVUFCJUCAT0UQX5CAKT9R2OCAJ49MLQCACXPIA3CAVS70S4 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\AXINCSMCA0EJLV4CANIKHO2CAUQNW98CARN3HPBCAL49VI2CA8HHRTCCAXI1RIPCAEKUVBVCAP0RVX0CAJXFLH1CAMINYRRCAASK4T4CATBS7LDCARC500ZCAQHJU0HCALMUR7K 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\ANG5JLSCATXDLJNCAOZ0NHCCA49CUWCCAP1YFPHCARWE4SCCA8GWMCNCAR683E7CA9YWJD1CAP1OTHFCA0T7GJMCAG82OVPCAUKGX15CA7ZPCKVCAQMOC1WCAYTC1DQCAZH3Q0M 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\AKEH4VTCAOX8DWTCA89KG2KCAM26389CA2QBV1CCAU2SJ8OCAORC6UVCAXM5E19CA5VW1JPCA4BS723CAJ0PLLUCAINDL61CATMQ9L1CAA18A3VCAHXG7OBCA6TWD7NCA9PK1ND 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\freqCANP3KKY.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\A4M371ECARI4740CA2BX271CAE3FKH6CAGSZKZBCAWF54DWCA7N0BN1CA2PRU1VCAS2XHMYCAPWOI3FCABW3V46CAUTOK79CAR96JPYCA3445W7CAORHX83CAVRIMWTCAHIW668 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJDJXED0\DP3CA8DXQIJCA9LXJ53CA4S8FSHCA2GY5MMCA40HU6XCA9FF40OCABQM1YVCAA8BR6GCAQRQ2G3CADNN4VNCAENI5XLCAIU34W9CA3MK6EXCA7T51Z4CAOX8YIUCA2E6Y3C.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\AK8CA0O29NJCAPUMSDXCAANOIM2CA2SUHR0CAO0IDP5CAN1PC44CAVWOHBOCALJBM98CA3OVJ9GCAC1QPEWCAHX19SECAQC1TSJCANEAFLRCA5TZ38ECAYZS3VWCAUJGVA1.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\AXFL09UCA245NHGCAS3K98WCASCHA3JCA35UWWVCATG8W8OCADZ4E0GCAUI7YL2CA7J3RUUCAL9UGCYCAX5GC7JCAPHU8RWCARKAEF0CAS0EF94CAA3QDO0CA4L2D91CAOO9Y3Q 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\ASLKVUICA1OM6VBCANZ86WICA38ZRNICAUIHUEZCAG7XINDCA5I0E00CA1H5QHMCAEUBWZECASSFOE8CASZY1ATCA1IVW38CAIYC3P1CAFB3UGUCAL6BUF1CAPPAFP8CASBSHHW 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\AAT03WUCAFQRQ7QCAP2105GCA77YJF4CA5M132XCA7TL4NVCAXTIN1QCAJWO0URCA0KUIJ7CA1ADHVTCABTLUOICAHBXNVACAA8WCKYCAMM6YEJCAM08RSECA3TOIEYCA9RG0NI 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\AJ6BU3SCABNIYV6CAOHX8S3CAVICB4XCARZHSZGCARAXS75CA2O1UM1CAPZZA65CAVDG04PCAYZR5ZVCAMIERSJCAI1E32HCAKG5SOVCAU628YACAYE1ZIZCA78M8K0CAOVX7GQ 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\AH18KRWCAA4E925CAJ9NEJFCAQYKUT9CA977RVZCANQ0KT8CAKR2563CADE5TQCCA2IFTUQCA3IMTGRCAAL5D1NCAJWMYF9CARRHQF1CA5O967KCAAZAKX3CAWFNA4ACALGPKLI 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\A3CSL06CANL0V7FCA7HNP6ECADVYACXCAWXR2XECAN162HJCAXMQ7CACAUSVUJ0CALFWJUFCAEJTVR0CA8EORPCCA6245E1CA2V0842CAHIREDNCAJMM6FDCATIHBVSCA5EE14K 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\ddcCAD6VLJ4.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\mickle_atf[5] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\AWNE9WNCA5MLUH0CAN4989BCA7X0BL4CAQADWE9CA9UEHGTCAQGYERECA2KPT2WCA1EDB53CA6H9R5QCARV60OMCA038CCKCA4BF1LECAISA1UXCA8VDY45CAAV8PLMCA8S6X5U 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\A0TY97BCADAB90NCANSDSJ7CAV4LH24CAG1TIYFCA5SV50VCAO7QAAFCANP009HCAXJEEOTCA63UFV3CAJP02EQCAJL0R31CA3EYDX3CAZL0MK7CAVZ9P10CA4FHE6ACAUJ971U 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\A0U4ZYFCAVTH5XJCANOKFD6CAHCQAP7CASYLI99CAWCL4H1CA2CQ4FBCAUMQZXTCAZEVCJ9CAMM8SWRCAJF3EF2CA4H85G5CAH0OQ7CCA71RDP9CAAE2GHQCAM8NG6FCABJ1WWH 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\JDICA2K2VK4CALZCW35CA0NEYD3CAX9TIZDCAAIH22QCA7LT3O2CATHFZ1XCA8LJUT2CA8FSXYJCA9XS6Y9CAPQ5GJ5CA3A6VRWCACSC2POCA8J78DDCAYNCD8JCA71A0LV.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\AAW92WTCASTTE3CCA62L7NXCANQ5VFWCA9SUV4OCAZ0U29XCAYSB08SCAE994HMCABPZ4YTCABKGI1SCACZFZGOCA3WMBDPCAI66CQBCANPEWKFCAOY4B6ZCAZ343IQCAL0LROM 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\AL3SWM1CAA3XGRYCAU6ECCCCAAOFHP5CAR9I3NACAHQZCXNCAEK4T1ACA4HMBV0CARLAF6ICA3TKTVXCAZXL41BCAR3MX3ZCA375I5SCA5JP00VCAN69RZ0CAM3CSUJCANAPX35 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\A28UUZUCAJXUNZCCAVB3L6SCAIIA388CAZRDP8RCAWKUZIPCAWS8B0UCA40GB4OCA1BJOWVCACZL8UHCAJ4CSIHCA52QMT8CA2AVOHMCAVWR89HCAGJGBMDCA0G50VFCAO5SD16 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\AEZP6J0CAGJZ5FACAGRIVI2CAC8C46WCA2VO7LNCAJ6DKDQCAN9N9FACAQBHNSPCARDBMRSCAFIY6H9CAEDYNZ5CA9R61HLCAB5T2KICA96UN0RCAMIO4M6CA5ZXFRJCA684TFN 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\AJDZOYBCACC20FECA76SNPVCAAF8SQPCAJ8YVYTCAR6OZ0FCASBSMHNCA6ZT0RWCANVG648CAP65N5SCAUJJRIDCAYD0LRZCAKDY8Q8CAG4D01KCAQ9OE30CAE02BMICAY4DHV2 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\A9A7CC8CAQ6FZ4YCAX1ZNLQCAPI6SM7CASWODPACA2BC3FYCAXCXWBSCA7C8BI1CAM61VCOCAUPELAYCA1ZKLF9CAZKU619CAVWYTRTCAHKCNSKCAWMW34OCAZVRNDHCAF0OHDE 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\ajsCAYIJS1J.php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\ajsCAZXRWXF.php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\UYCCA0KP45XCA9NGXZ7CA8UANZHCAR4DK5UCADXYKD8CAZF8GWOCA5TFMXXCAVBBREHCATIHZ08CAA2J0SQCAF5YIOICAZ4HDKKCAPXWLVNCADQ56SQCARYYSMDCA2WMLXK.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\playerCAAAQGSH.swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEFBQ5SL\A11G6DICA1NCN3FCA7YNT4LCARLZJG3CA9FQNGFCACIX1JGCAGTC4UPCALVNE0ECAP6EEXRCAR4Y737CARRHC6TCAFC6PJZCACT8M07CAOF7WI4CAFYS0MKCAG6LXTZCA4Y615Y 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIXP7F5X\15ECAU34CN0CA41JJSQCA684FPXCADPWQ7HCA2PBNBRCAEK1DG0CATTLENJCAEZ2M4DCAFULJEICAPJDTMACA3XSGC3CA5CAE15CALNOIK5CABCNW76CAHU9DJJCAXH5V32.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIXP7F5X\st%253Fad_type%253Diframe%2526ad_size%253D160x600%2526section%253D840826[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIXP7F5X\APLD43FCA5GD7MUCA38DCQZCAVUXLMDCAHHU3S2CA27I3KTCAMDSA3YCAZZ00IJCAZZAXIQCAER3YRLCADUWO7ECALVTS3ECAAHYAAACAYUP890CA8RJ2H1CAW94VM3CARTXIR7 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIXP7F5X\ABTUKACCAFT56E5CADTRYB7CAE03GBZCAE0WPHPCA440KQ3CAW9K9CYCAG86P2QCANAK8X2CAH5OF9RCAXQ87FSCA5H8YSOCA5KLYXNCA4XHMP9CAEW41QZCA3CR1Y7CA6OT9HP 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIXP7F5X\AGGQV7YCA2G8EUXCAD2A0UQCAJRI6O0CAUYQPSDCA51HYH3CAK3W18PCAVCOBF9CAF25Q3DCA0O68WDCA52MVHTCAPXYQTKCAVM8YU5CAUF09R2CAE708VJCAM64CJGCAZ3CQSQ 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIXP7F5X\69c4a1bae31ca8b248b1356748367eb5[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIXP7F5X\A13LDHQCA2UW6U1CAMU384WCA27J9O2CASDJK09CAPD2Z4ECAGLHP92CA9PT6K2CAQ02Y36CAB504IFCAV5A22MCADVV494CABNVKEMCAHQ1OEUCALTQTYVCAXV8AQYCAER0UX0 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIXP7F5X\AVT2MI1CA0C7Z8JCARF7R14CABZN0L0CA71RF4PCAVFOS4RCARJNOMTCAVK1EL3CA0GH0RBCALRO32VCASF1LVUCAK331KECAKMV72VCAGDHV41CA27V51ECA3S85EVCAZDZ29H 0 bytes

---- EOF - GMER 1.0.15 ----


----------



## Larusso (Aug 9, 2011)

Hi there,

You have a nasty infection, called ZeroAccess Rootkit, on your system. This is very hard to kill.

Before moving on, I recommend backing up all important files that you cannot live without.

Please download and scan with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Note:* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
You can use *this thread* as a guide.

Please include the C:\ComboFix.txt in your next reply for further review.

*Please post in your next reply*
Combofix.txt


----------



## vivalamusic (Jan 1, 1970)

Here is the Combofix text.

c:\program files\LP
c:\programdata\Son83Ntr.exe
c:\users\Ashley\AppData\Roaming\firefox.exe
c:\users\Ashley\AppData\Roaming\java.exe
c:\users\Ashley\AppData\Roaming\ldr.ini
c:\windows\$NtUninstallKB5054$
c:\windows\$NtUninstallKB5054$\1120660564
c:\windows\$NtUninstallKB5054$\4030260102\@
c:\windows\$NtUninstallKB5054$\4030260102\bckfg.tmp
c:\windows\$NtUninstallKB5054$\4030260102\cfg.ini
c:\windows\$NtUninstallKB5054$\4030260102\Desktop.ini
c:\windows\$NtUninstallKB5054$\4030260102\keywords
c:\windows\$NtUninstallKB5054$\4030260102\kwrd.dll
c:\windows\$NtUninstallKB5054$\4030260102\L\qnbwvoto
c:\windows\$NtUninstallKB5054$\4030260102\lsflt7.ver
c:\windows\$NtUninstallKB5054$\4030260102\U\[email protected]
c:\windows\$NtUninstallKB5054$\4030260102\U\0000000[email protected]
c:\windows\$NtUninstallKB5054$\4030260102\U\[email protected]
c:\windows\$NtUninstallKB5054$\4030260102\U\[email protected]
c:\windows\$NtUninstallKB5054$\4030260102\U\[email protected]
c:\windows\$NtUninstallKB5054$\4030260102\U\[email protected]
c:\windows\Tasks\At1.job
c:\windows\Temp\_ex-68.exe
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected 
Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys 
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 11:48 . 2011-11-29 11:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-29 11:48 . 2011-11-29 19:55	--------	d-----w-	c:\users\Ashley\AppData\Local\temp
2011-11-29 05:19 . 2011-11-25 23:17	111616	----a-w-	c:\windows\system32\03D37iu.com
2011-11-26 21:29 . 2011-11-26 21:29	--------	d-----w-	c:\windows\system32\x64
2011-11-26 21:15 . 2011-11-26 21:15	--------	d-----w-	c:\users\Ashley\AppData\Local\ElevatedDiagnostics
2011-11-26 19:14 . 2011-11-26 19:14	--------	d-----w-	c:\users\Ashley\AppData\Roaming\SUPERAntiSpyware.com
2011-11-26 19:04 . 2011-11-26 19:14	--------	d-----w-	c:\program files\SUPERAntiSpyware
2011-11-26 19:04 . 2011-11-26 19:04	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-11-26 19:00 . 2011-11-26 19:00	--------	d-----w-	c:\users\Ashley\AppData\Roaming\Malwarebytes
2011-11-26 19:00 . 2011-11-26 19:00	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-26 19:00 . 2011-11-26 19:00	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-11-26 19:00 . 2011-08-31 22:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-26 04:36 . 2011-10-03 10:06	476904	----a-w-	c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-24 18:41 . 2011-11-26 15:58	--------	d-----w-	c:\program files\PC Tools Security
2011-11-24 18:33 . 2011-11-25 04:33	--------	d-----w-	c:\programdata\PC Tools
2011-11-24 14:23 . 2011-11-24 14:23	--------	d-----w-	c:\users\Ashley\AppData\Roaming\klIBtzPNyAu
2011-11-24 14:23 . 2011-11-24 14:23	--------	d-----w-	c:\users\Ashley\AppData\Roaming\QQJ7dEK8gZhXjV
2011-11-24 14:18 . 2011-11-24 14:18	--------	d-----w-	c:\users\Ashley\AppData\Roaming\FS2obd8fR9TqUrA
2011-11-24 14:18 . 2011-11-24 14:18	--------	d-----w-	c:\users\Ashley\AppData\Roaming\J8fRZ9hTXjCIzxu
2011-11-24 14:06 . 2011-11-24 14:06	--------	d-----w-	c:\users\Ashley\AppData\Roaming\pA1uvD2ob4m58R9
2011-11-24 14:06 . 2011-11-24 14:06	--------	d-----w-	c:\users\Ashley\AppData\Roaming\vK8gRZ9hYwUlBzN
2011-11-24 14:05 . 2011-11-24 14:05	--------	d-----w-	c:\users\Ashley\AppData\Roaming\nfRL9hTXqUeIrOy
2011-11-24 14:03 . 2011-11-24 14:03	--------	d-----w-	c:\users\Ashley\AppData\Roaming\VqhYkeBtz0c1D4m
2011-11-24 14:03 . 2011-11-24 14:03	--------	d-----w-	c:\users\Ashley\AppData\Roaming\S5sQJ7EK8R
2011-11-23 22:27 . 2011-11-23 22:27	--------	d-----w-	c:\users\Ashley\AppData\Roaming\XWWK77fEL9
2011-11-23 22:27 . 2011-11-23 22:27	--------	d-----w-	c:\users\Ashley\AppData\Roaming\jSSS2iibD3pG4QH
2011-11-22 22:16 . 2011-11-29 11:32	--------	d-----w-	c:\users\Ashley\AppData\Roaming\91B86
2011-11-22 22:16 . 2011-11-22 22:16	101888	----a-w-	c:\users\Ashley\AppData\Roaming\Microsoft\4606\240E.tmp
2011-11-22 22:16 . 2011-11-22 22:16	--------	d-----w-	c:\users\Ashley\AppData\Roaming\T3GG44aQH
2011-11-22 22:16 . 2011-11-22 22:16	--------	d-----w-	c:\users\Ashley\AppData\Roaming\qrrrzOONtxAucSi
2011-11-22 22:15 . 2011-11-29 11:32	--------	d-----w-	c:\users\Ashley\AppData\Roaming\68991
2011-11-22 22:15 . 2011-11-22 22:15	--------	d-----w-	c:\users\Ashley\AppData\Roaming\RppnGG4aQH6sK7E
2011-11-22 22:15 . 2011-11-22 22:15	--------	d-----w-	c:\users\Ashley\AppData\Roaming\mFF44pmG5sQJd
2011-11-22 22:15 . 2011-11-22 22:15	--------	d-----w-	c:\users\Ashley\AppData\Roaming\dZ99hhYXwjUV
2011-11-22 20:17 . 2011-10-18 06:28	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3510A141-4214-4D11-8627-A15AE38768B5}\mpengine.dll
2011-11-20 03:43 . 2011-11-20 03:43	--------	d-----w-	c:\program files\iPod
2011-11-20 03:42 . 2011-11-20 03:44	--------	d-----w-	c:\program files\iTunes
2011-11-15 23:01 . 2011-11-15 23:01	--------	d-----w-	c:\program files\Common Files\Skype
2011-11-15 23:01 . 2011-11-15 23:03	--------	d-----r-	c:\program files\Skype
2011-11-14 14:27 . 2011-11-14 14:27	4335776	----a-w-	c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-11-12 18:56 . 2011-11-12 18:56	--------	d-----w-	c:\programdata\AVS4YOU
2011-11-12 18:56 . 2011-11-12 18:56	--------	d-----w-	c:\users\Ashley\AppData\Roaming\AVS4YOU
2011-11-12 18:53 . 2011-11-24 14:27	--------	d-----w-	c:\program files\Common Files\AVSMedia
2011-11-12 18:52 . 2011-06-23 18:25	24576	----a-w-	c:\windows\system32\msxml3a.dll
2011-11-12 18:52 . 2011-11-24 14:27	--------	d-----w-	c:\program files\AVS4YOU
2011-11-12 18:35 . 2011-11-12 18:35	--------	d-----w-	c:\programdata\muvee Technologies
2011-11-12 18:35 . 2011-11-12 18:36	--------	d-----w-	c:\users\Ashley\AppData\Roaming\muvee Technologies
2011-11-12 18:27 . 2011-11-12 18:27	--------	d-----w-	c:\windows\Sun
2011-11-11 22:07 . 2011-11-11 22:07	--------	d-----w-	c:\programdata\Wondershare
2011-11-11 22:07 . 2011-11-11 22:07	--------	d-----w-	c:\program files\Wondershare
2011-11-08 20:00 . 2011-10-17 11:41	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-11-08 20:00 . 2011-09-20 21:02	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-08 20:00 . 2011-09-30 15:57	707584	----a-w-	c:\program files\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 14:21 . 2011-09-11 14:08	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 10:06 . 2011-09-11 13:58	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-09-11 16:31 . 2008-08-06 22:29	353840	----a-w-	c:\windows\system32\msvcr71.dll
2011-09-11 16:31 . 2008-08-06 22:27	505392	----a-w-	c:\windows\system32\msvcp71.dll
2011-09-11 16:30 . 2008-10-23 10:43	1066544	----a-w-	c:\windows\system32\MFC71.dll
2011-09-11 16:30 . 2008-10-23 10:43	1053232	----a-w-	c:\windows\system32\MFC71u.dll
2011-09-06 13:30 . 2011-10-11 20:45	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-09-02 13:39 . 2011-10-11 20:44	1383424	----a-w-	c:\windows\system32\mshtml.tlb
2011-11-09 19:59 . 2011-09-11 14:06	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"Aim"="c:\program files\AIM\aim.exe" [2011-05-03 4321112]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19979400]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1601730260-1379543078-2060792534-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ HPSLPSVC
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-29 c:\windows\Tasks\At10.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At11.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At12.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At13.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At14.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At15.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At16.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At17.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At18.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At19.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At2.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At20.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At21.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At22.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At23.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At24.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At25.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At26.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At27.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At28.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At29.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At3.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At30.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At31.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-28 c:\windows\Tasks\At32.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-28 c:\windows\Tasks\At33.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-28 c:\windows\Tasks\At34.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-28 c:\windows\Tasks\At35.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-28 c:\windows\Tasks\At36.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-28 c:\windows\Tasks\At37.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-28 c:\windows\Tasks\At38.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-28 c:\windows\Tasks\At39.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At4.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At40.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At41.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At42.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At43.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At44.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At45.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At46.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At47.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At48.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At49.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At5.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At6.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At7.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At8.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At9.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1601730260-1379543078-2060792534-1000Core.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 20:20]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1601730260-1379543078-2060792534-1000UA.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 20:20]
.
2011-11-11 c:\windows\Tasks\HPCeeScheduleForAshley.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
2011-11-29 c:\windows\Tasks\WebReg Officejet 6000 E609a Series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2010-05-28 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:62970
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\9j1v10w6.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62970
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-w8fRZ9hTXjClBzN8234A - c:\windows\system32\AV Protection 2011v121.exe
.
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\03D37I~1.COM
c:\windows\system32\03D37I~1.COM
c:\windows\system32\03D37I~1.COM
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\03D37I~1.COM
c:\windows\system32\03D37I~1.COM
c:\windows\system32\03D37I~1.COM
c:\windows\system32\03D37I~1.COM
c:\windows\system32\03D37I~1.COM
.
**************************************************************************
.
Completion time: 2011-11-29 14:58:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-29 19:58
.
Pre-Run: 213,471,830,016 bytes free
Post-Run: 215,841,837,056 bytes free
.
- - End Of File - - 3F28E318DCBA72F8F4BF4AE8C14823FE


----------



## Larusso (Aug 9, 2011)

Hi there,

This is not the complete log.

Please, 
 Double-click on a logfile to open it.
 Right-click with your mouse or touchpad.
 Choose *Select All* from the shortcut menu.
 Right-click again, then choose *Copy* from the shortcut menu.
 Go to the window where you are typing your new topic. Select an area after the text.
 Right click and select *Paste* from the shortcut menu.


----------



## vivalamusic (Jan 1, 1970)

Sorry, okay here you go.

ComboFix 11-11-28.02 - Ashley 11/29/2011 6:35.1.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3002.2309 [GMT -5:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\programdata\Son83Ntr.exe
c:\users\Ashley\AppData\Roaming\firefox.exe
c:\users\Ashley\AppData\Roaming\java.exe
c:\users\Ashley\AppData\Roaming\ldr.ini
c:\windows\$NtUninstallKB5054$
c:\windows\$NtUninstallKB5054$\1120660564
c:\windows\$NtUninstallKB5054$\4030260102\@
c:\windows\$NtUninstallKB5054$\4030260102\bckfg.tmp
c:\windows\$NtUninstallKB5054$\4030260102\cfg.ini
c:\windows\$NtUninstallKB5054$\4030260102\Desktop.ini
c:\windows\$NtUninstallKB5054$\4030260102\keywords
c:\windows\$NtUninstallKB5054$\4030260102\kwrd.dll
c:\windows\$NtUninstallKB5054$\4030260102\L\qnbwvoto
c:\windows\$NtUninstallKB5054$\4030260102\lsflt7.ver
c:\windows\$NtUninstallKB5054$\4030260102\U\[email protected]
c:\windows\$NtUninstallKB5054$\4030260102\U\[email protected]
c:\windows\$NtUninstallKB5054$\4030260102\U\[email protected]
c:\windows\$NtUninstallKB5054$\4030260102\U\[email protected]
c:\windows\$NtUninstallKB5054$\4030260102\U\[email protected]
c:\windows\$NtUninstallKB5054$\4030260102\U\[email protected]
c:\windows\Tasks\At1.job
c:\windows\Temp\_ex-68.exe
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected 
Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys 
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 11:48 . 2011-11-29 11:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-29 11:48 . 2011-11-29 19:55 -------- d-----w- c:\users\Ashley\AppData\Local\temp
2011-11-29 05:19 . 2011-11-25 23:17 111616 ----a-w- c:\windows\system32\03D37iu.com
2011-11-26 21:29 . 2011-11-26 21:29 -------- d-----w- c:\windows\system32\x64
2011-11-26 21:15 . 2011-11-26 21:15 -------- d-----w- c:\users\Ashley\AppData\Local\ElevatedDiagnostics
2011-11-26 19:14 . 2011-11-26 19:14 -------- d-----w- c:\users\Ashley\AppData\Roaming\SUPERAntiSpyware.com
2011-11-26 19:04 . 2011-11-26 19:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-26 19:04 . 2011-11-26 19:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-26 19:00 . 2011-11-26 19:00 -------- d-----w- c:\users\Ashley\AppData\Roaming\Malwarebytes
2011-11-26 19:00 . 2011-11-26 19:00 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 19:00 . 2011-11-26 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 19:00 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 04:36 . 2011-10-03 10:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-24 18:41 . 2011-11-26 15:58 -------- d-----w- c:\program files\PC Tools Security
2011-11-24 18:33 . 2011-11-25 04:33 -------- d-----w- c:\programdata\PC Tools
2011-11-24 14:23 . 2011-11-24 14:23 -------- d-----w- c:\users\Ashley\AppData\Roaming\klIBtzPNyAu
2011-11-24 14:23 . 2011-11-24 14:23 -------- d-----w- c:\users\Ashley\AppData\Roaming\QQJ7dEK8gZhXjV
2011-11-24 14:18 . 2011-11-24 14:18 -------- d-----w- c:\users\Ashley\AppData\Roaming\FS2obd8fR9TqUrA
2011-11-24 14:18 . 2011-11-24 14:18 -------- d-----w- c:\users\Ashley\AppData\Roaming\J8fRZ9hTXjCIzxu
2011-11-24 14:06 . 2011-11-24 14:06 -------- d-----w- c:\users\Ashley\AppData\Roaming\pA1uvD2ob4m58R9
2011-11-24 14:06 . 2011-11-24 14:06 -------- d-----w- c:\users\Ashley\AppData\Roaming\vK8gRZ9hYwUlBzN
2011-11-24 14:05 . 2011-11-24 14:05 -------- d-----w- c:\users\Ashley\AppData\Roaming\nfRL9hTXqUeIrOy
2011-11-24 14:03 . 2011-11-24 14:03 -------- d-----w- c:\users\Ashley\AppData\Roaming\VqhYkeBtz0c1D4m
2011-11-24 14:03 . 2011-11-24 14:03 -------- d-----w- c:\users\Ashley\AppData\Roaming\S5sQJ7EK8R
2011-11-23 22:27 . 2011-11-23 22:27 -------- d-----w- c:\users\Ashley\AppData\Roaming\XWWK77fEL9
2011-11-23 22:27 . 2011-11-23 22:27 -------- d-----w- c:\users\Ashley\AppData\Roaming\jSSS2iibD3pG4QH
2011-11-22 22:16 . 2011-11-29 11:32 -------- d-----w- c:\users\Ashley\AppData\Roaming\91B86
2011-11-22 22:16 . 2011-11-22 22:16 101888 ----a-w- c:\users\Ashley\AppData\Roaming\Microsoft\4606\240E.tmp
2011-11-22 22:16 . 2011-11-22 22:16 -------- d-----w- c:\users\Ashley\AppData\Roaming\T3GG44aQH
2011-11-22 22:16 . 2011-11-22 22:16 -------- d-----w- c:\users\Ashley\AppData\Roaming\qrrrzOONtxAucSi
2011-11-22 22:15 . 2011-11-29 11:32 -------- d-----w- c:\users\Ashley\AppData\Roaming\68991
2011-11-22 22:15 . 2011-11-22 22:15 -------- d-----w- c:\users\Ashley\AppData\Roaming\RppnGG4aQH6sK7E
2011-11-22 22:15 . 2011-11-22 22:15 -------- d-----w- c:\users\Ashley\AppData\Roaming\mFF44pmG5sQJd
2011-11-22 22:15 . 2011-11-22 22:15 -------- d-----w- c:\users\Ashley\AppData\Roaming\dZ99hhYXwjUV
2011-11-22 20:17 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3510A141-4214-4D11-8627-A15AE38768B5}\mpengine.dll
2011-11-20 03:43 . 2011-11-20 03:43 -------- d-----w- c:\program files\iPod
2011-11-20 03:42 . 2011-11-20 03:44 -------- d-----w- c:\program files\iTunes
2011-11-15 23:01 . 2011-11-15 23:01 -------- d-----w- c:\program files\Common Files\Skype
2011-11-15 23:01 . 2011-11-15 23:03 -------- d-----r- c:\program files\Skype
2011-11-14 14:27 . 2011-11-14 14:27 4335776 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-11-12 18:56 . 2011-11-12 18:56 -------- d-----w- c:\programdata\AVS4YOU
2011-11-12 18:56 . 2011-11-12 18:56 -------- d-----w- c:\users\Ashley\AppData\Roaming\AVS4YOU
2011-11-12 18:53 . 2011-11-24 14:27 -------- d-----w- c:\program files\Common Files\AVSMedia
2011-11-12 18:52 . 2011-06-23 18:25 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-11-12 18:52 . 2011-11-24 14:27 -------- d-----w- c:\program files\AVS4YOU
2011-11-12 18:35 . 2011-11-12 18:35 -------- d-----w- c:\programdata\muvee Technologies
2011-11-12 18:35 . 2011-11-12 18:36 -------- d-----w- c:\users\Ashley\AppData\Roaming\muvee Technologies
2011-11-12 18:27 . 2011-11-12 18:27 -------- d-----w- c:\windows\Sun
2011-11-11 22:07 . 2011-11-11 22:07 -------- d-----w- c:\programdata\Wondershare
2011-11-11 22:07 . 2011-11-11 22:07 -------- d-----w- c:\program files\Wondershare
2011-11-08 20:00 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-08 20:00 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 20:00 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 14:21 . 2011-09-11 14:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 10:06 . 2011-09-11 13:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-11 16:31 . 2008-08-06 22:29 353840 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-11 16:31 . 2008-08-06 22:27 505392 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-11 16:30 . 2008-10-23 10:43 1066544 ----a-w- c:\windows\system32\MFC71.dll
2011-09-11 16:30 . 2008-10-23 10:43 1053232 ----a-w- c:\windows\system32\MFC71u.dll
2011-09-06 13:30 . 2011-10-11 20:45 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 13:39 . 2011-10-11 20:44 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-09 19:59 . 2011-09-11 14:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"Aim"="c:\program files\AIM\aim.exe" [2011-05-03 4321112]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19979400]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1601730260-1379543078-2060792534-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-29 c:\windows\Tasks\At10.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At11.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At12.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At13.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At14.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At15.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At16.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At17.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At18.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At19.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At2.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At20.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At21.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At22.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At23.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At24.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At25.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At26.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At27.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At28.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At29.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At3.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At30.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At31.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-28 c:\windows\Tasks\At32.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-28 c:\windows\Tasks\At33.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-28 c:\windows\Tasks\At34.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-28 c:\windows\Tasks\At35.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-28 c:\windows\Tasks\At36.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-28 c:\windows\Tasks\At37.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-28 c:\windows\Tasks\At38.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-28 c:\windows\Tasks\At39.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At4.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At40.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At41.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At42.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At43.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At44.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At45.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At46.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At47.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At48.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At49.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At5.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At6.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At7.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At8.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At9.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1601730260-1379543078-2060792534-1000Core.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 20:20]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1601730260-1379543078-2060792534-1000UA.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 20:20]
.
2011-11-11 c:\windows\Tasks\HPCeeScheduleForAshley.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
2011-11-29 c:\windows\Tasks\WebReg Officejet 6000 E609a Series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2010-05-28 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:62970
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\9j1v10w6.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62970
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-w8fRZ9hTXjClBzN8234A - c:\windows\system32\AV Protection 2011v121.exe
.
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\03D37I~1.COM
c:\windows\system32\03D37I~1.COM
c:\windows\system32\03D37I~1.COM
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\03D37I~1.COM
c:\windows\system32\03D37I~1.COM
c:\windows\system32\03D37I~1.COM
c:\windows\system32\03D37I~1.COM
c:\windows\system32\03D37I~1.COM
.
**************************************************************************
.
Completion time: 2011-11-29 14:58:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-29 19:58
.
Pre-Run: 213,471,830,016 bytes free
Post-Run: 215,841,837,056 bytes free
.
- - End Of File - - 3F28E318DCBA72F8F4BF4AE8C14823FE


----------



## Larusso (Aug 9, 2011)

No worries

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes interfere with our fixes.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

Open Spybot Search & Destroy.
In the Mode menu click *"Advanced mode"* if not already selected.
Choose *"Yes"* at the Warning prompt.
Expand the *"Tools"* menu.
Click *"Resident".*
Uncheck the *"Resident "TeaTimer" (Protection of overall system settings) active."* box.
In the File menu click *"Exit"* to exit Spybot Search & Destroy.

Open *notepad* and copy/paste the text in the Code-box below into it:


```
Collect::
c:\windows\system32\03D37iu.com

DirLook::
c:\windows\system32\x64

Folder::
c:\users\Ashley\AppData\Roaming\klIBtzPNyAu
c:\users\Ashley\AppData\Roaming\QQJ7dEK8gZhXjV
c:\users\Ashley\AppData\Roaming\FS2obd8fR9TqUrA
c:\users\Ashley\AppData\Roaming\J8fRZ9hTXjCIzxu
c:\users\Ashley\AppData\Roaming\pA1uvD2ob4m58R9
c:\users\Ashley\AppData\Roaming\vK8gRZ9hYwUlBzN
c:\users\Ashley\AppData\Roaming\nfRL9hTXqUeIrOy
c:\users\Ashley\AppData\Roaming\VqhYkeBtz0c1D4m
c:\users\Ashley\AppData\Roaming\S5sQJ7EK8R
c:\users\Ashley\AppData\Roaming\XWWK77fEL9
c:\users\Ashley\AppData\Roaming\jSSS2iibD3pG4QH
c:\users\Ashley\AppData\Roaming\91B86
c:\users\Ashley\AppData\Roaming\Microsoft\4606
c:\users\Ashley\AppData\Roaming\T3GG44aQH
c:\users\Ashley\AppData\Roaming\qrrrzOONtxAucSi
c:\users\Ashley\AppData\Roaming\68991
c:\users\Ashley\AppData\Roaming\RppnGG4aQH6sK7E
c:\users\Ashley\AppData\Roaming\mFF44pmG5sQJd
c:\users\Ashley\AppData\Roaming\dZ99hhYXwjUV

AtJob::
```

 Save this as *CFScript.txt*, in the same location as ComboFix.exe.
 Close any open browsers.
 Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.










Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

*Note*

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
Ensure you are connected to the internet and click OK on the message box.

*Please post in your next reply*
Combofix.txt
How is your system behaving now ?


----------
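The ComboFix log posted earlier in the thread lists dozens of numbered AtN.job tasks that all launch the same two files under system32. As an added example (not part of the thread and not ComboFix's own code), this Python script parses the 'Scheduled Tasks' section of such a log and groups the AtN.job tasks by the file they launch; the function names and the `min_jobs` threshold are assumptions, and the sample is a shortened excerpt of the posted log.

```python
import re
from collections import defaultdict

# Shortened excerpt in the format of the 'Scheduled Tasks' section of the
# ComboFix log posted in this thread (a few of its entries, not the full list).
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
.
2011-11-29 c:\windows\Tasks\At10.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At11.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\At12.job
- c:\windows\system32\03D37iu.com [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At13.job
- c:\windows\system32\03D37iu.com_ [2011-11-25 23:17]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1601730260-1379543078-2060792534-1000Core.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 20:20]
.
2011-11-11 c:\windows\Tasks\HPCeeScheduleForAshley.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
.
------- Supplementary Scan -------
"""

SECTION_START = "Contents of the 'Scheduled Tasks' folder"
# "<date> <path to .job file>"
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+\.job)\s*$", re.IGNORECASE)
# "- <path the task launches> [<timestamp>]"
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]\s*$")
# Numbered jobs of the kind created through the legacy "at" scheduler interface
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.IGNORECASE)


def parse_scheduled_tasks(log_text):
    """Return a list of (job_path, target_path) pairs from the section."""
    entries, in_section, pending_job = [], False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line.startswith(SECTION_START)
            continue
        if line.startswith("-------"):  # next section header ends the block
            break
        m = JOB_RE.match(line)
        if m:
            pending_job = m.group(2)
            continue
        m = TARGET_RE.match(line)
        if m and pending_job:
            entries.append((pending_job, m.group(1)))
            pending_job = None
    return entries


def cluster_at_jobs(entries, min_jobs=3):
    """Group AtN.job tasks by the file they launch (case-insensitive).

    Returns [(target, [job, ...])] for targets launched by at least
    min_jobs numbered tasks, largest cluster first. Named tasks such as
    vendor updaters are ignored. min_jobs is an assumed triage threshold.
    """
    by_target = defaultdict(list)
    for job, target in entries:
        if AT_JOB_RE.search(job):
            by_target[target.lower()].append(job)
    clusters = [(t, sorted(j)) for t, j in by_target.items() if len(j) >= min_jobs]
    return sorted(clusters, key=lambda c: (-len(c[1]), c[0]))


if __name__ == "__main__":
    tasks = parse_scheduled_tasks(SAMPLE_LOG)
    # The excerpt is short, so the threshold is lowered to 2 here.
    for target, jobs in cluster_at_jobs(tasks, min_jobs=2):
        print(f"{len(jobs)} AtN.job tasks launch {target}")
        for job in jobs:
            print(f"    {job}")
```
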



## vivalamusic (Jan 1, 1970)

It says, "You are missing administrator rights to perform this action. If you need to do this, please run this application elevated as an administrator." How do I do this?

Thank you.


----------



## Larusso (Aug 9, 2011)

When you are trying to disable TeaTimer?


----------



## vivalamusic (Jan 1, 1970)

Yes. My account on this laptop is already Administrator though.


----------



## Larusso (Aug 9, 2011)

Yes, sometimes the User Account Control can interfere with us.

We can try to run Spybot as Admin.... I would prefer to run this batch file.

Download ResetTeaTimer.bat and save it on your Desktop.
Right-click the .bat file and choose "Run as Administrator".

After this, reboot and move on with ComboFix.


----------



## vivalamusic (Jan 1, 1970)

Never mind, didn't need to become Administrator, found out that all I needed to do was to toggle it.


----------



## Larusso (Aug 9, 2011)

hehe, good work


----------



## vivalamusic (Jan 1, 1970)

Here it is.

ComboFix 11-11-28.02 - Ashley 11/29/2011 16:02:58.2.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3002.1750 [GMT -5:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
Command switches used :: c:\users\Ashley\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\windows\system32\03D37iu.com
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ashley\AppData\Roaming\68991
c:\users\Ashley\AppData\Roaming\68991\1B86.899
c:\users\Ashley\AppData\Roaming\91B86
c:\users\Ashley\AppData\Roaming\dZ99hhYXwjUV
c:\users\Ashley\AppData\Roaming\FS2obd8fR9TqUrA
c:\users\Ashley\AppData\Roaming\FS2obd8fR9TqUrA\AV Protection 2011.ico
c:\users\Ashley\AppData\Roaming\J8fRZ9hTXjCIzxu
c:\users\Ashley\AppData\Roaming\jSSS2iibD3pG4QH
c:\users\Ashley\AppData\Roaming\klIBtzPNyAu
c:\users\Ashley\AppData\Roaming\klIBtzPNyAu\AV Protection 2011.ico
c:\users\Ashley\AppData\Roaming\mFF44pmG5sQJd
c:\users\Ashley\AppData\Roaming\mFF44pmG5sQJd\AV Protection 2011v121.exe
c:\users\Ashley\AppData\Roaming\Microsoft\4606
c:\users\Ashley\AppData\Roaming\Microsoft\4606\240E.tmp
c:\users\Ashley\AppData\Roaming\Microsoft\4606\690A.tmp
c:\users\Ashley\AppData\Roaming\Microsoft\4606\6C39.tmp
c:\users\Ashley\AppData\Roaming\Microsoft\4606\7235.tmp
c:\users\Ashley\AppData\Roaming\Microsoft\4606\7242.tmp
c:\users\Ashley\AppData\Roaming\Microsoft\4606\B634.tmp
c:\users\Ashley\AppData\Roaming\Microsoft\4606\E105.tmp
c:\users\Ashley\AppData\Roaming\nfRL9hTXqUeIrOy
c:\users\Ashley\AppData\Roaming\pA1uvD2ob4m58R9
c:\users\Ashley\AppData\Roaming\pA1uvD2ob4m58R9\AV Protection 2011.ico
c:\users\Ashley\AppData\Roaming\QQJ7dEK8gZhXjV
c:\users\Ashley\AppData\Roaming\qrrrzOONtxAucSi
c:\users\Ashley\AppData\Roaming\RppnGG4aQH6sK7E
c:\users\Ashley\AppData\Roaming\S5sQJ7EK8R
c:\users\Ashley\AppData\Roaming\S5sQJ7EK8R\AV Protection 2011.ico
c:\users\Ashley\AppData\Roaming\T3GG44aQH
c:\users\Ashley\AppData\Roaming\T3GG44aQH\AV Protection 2011.ico
c:\users\Ashley\AppData\Roaming\vK8gRZ9hYwUlBzN
c:\users\Ashley\AppData\Roaming\VqhYkeBtz0c1D4m
c:\users\Ashley\AppData\Roaming\XWWK77fEL9
c:\users\Ashley\AppData\Roaming\XWWK77fEL9\AV Protection 2011.ico
c:\windows\system32\03D37iu.com
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 21:13 . 2011-11-29 21:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-29 11:48 . 2011-11-29 21:14 -------- d-----w- c:\users\Ashley\AppData\Local\temp
2011-11-26 21:29 . 2011-11-26 21:29 -------- d-----w- c:\windows\system32\x64
2011-11-26 21:15 . 2011-11-26 21:15 -------- d-----w- c:\users\Ashley\AppData\Local\ElevatedDiagnostics
2011-11-26 19:14 . 2011-11-26 19:14 -------- d-----w- c:\users\Ashley\AppData\Roaming\SUPERAntiSpyware.com
2011-11-26 19:04 . 2011-11-26 19:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-26 19:04 . 2011-11-26 19:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-26 19:00 . 2011-11-26 19:00 -------- d-----w- c:\users\Ashley\AppData\Roaming\Malwarebytes
2011-11-26 19:00 . 2011-11-26 19:00 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 19:00 . 2011-11-26 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 19:00 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 04:36 . 2011-10-03 10:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-25 23:12 . 2011-11-25 23:17 111616 ----a-w- c:\windows\system32\03D37iu.com_
2011-11-24 18:41 . 2011-11-26 15:58 -------- d-----w- c:\program files\PC Tools Security
2011-11-24 18:33 . 2011-11-25 04:33 -------- d-----w- c:\programdata\PC Tools
2011-11-20 03:43 . 2011-11-20 03:43 -------- d-----w- c:\program files\iPod
2011-11-20 03:42 . 2011-11-20 03:44 -------- d-----w- c:\program files\iTunes
2011-11-15 23:01 . 2011-11-15 23:01 -------- d-----w- c:\program files\Common Files\Skype
2011-11-15 23:01 . 2011-11-15 23:03 -------- d-----r- c:\program files\Skype
2011-11-14 14:27 . 2011-11-14 14:27 4335776 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-11-12 18:56 . 2011-11-12 18:56 -------- d-----w- c:\programdata\AVS4YOU
2011-11-12 18:56 . 2011-11-12 18:56 -------- d-----w- c:\users\Ashley\AppData\Roaming\AVS4YOU
2011-11-12 18:53 . 2011-11-24 14:27 -------- d-----w- c:\program files\Common Files\AVSMedia
2011-11-12 18:52 . 2011-06-23 18:25 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-11-12 18:52 . 2011-11-24 14:27 -------- d-----w- c:\program files\AVS4YOU
2011-11-12 18:35 . 2011-11-12 18:35 -------- d-----w- c:\programdata\muvee Technologies
2011-11-12 18:35 . 2011-11-12 18:36 -------- d-----w- c:\users\Ashley\AppData\Roaming\muvee Technologies
2011-11-12 18:27 . 2011-11-12 18:27 -------- d-----w- c:\windows\Sun
2011-11-11 22:07 . 2011-11-11 22:07 -------- d-----w- c:\programdata\Wondershare
2011-11-11 22:07 . 2011-11-11 22:07 -------- d-----w- c:\program files\Wondershare
2011-11-08 20:00 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-08 20:00 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 20:00 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 14:21 . 2011-09-11 14:08  414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-18 06:28 . 2011-11-22 20:17 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3510A141-4214-4D11-8627-A15AE38768B5}\mpengine.dll
2011-10-03 10:06 . 2011-09-11 13:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-11 16:31 . 2008-08-06 22:29 353840 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-11 16:31 . 2008-08-06 22:27 505392 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-11 16:30 . 2008-10-23 10:43 1066544 ----a-w- c:\windows\system32\MFC71.dll
2011-09-11 16:30 . 2008-10-23 10:43 1053232 ----a-w- c:\windows\system32\MFC71u.dll
2011-09-06 13:30 . 2011-10-11 20:45 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 13:39 . 2011-10-11 20:44 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-09 19:59 . 2011-09-11 14:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\x64 ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"Aim"="c:\program files\AIM\aim.exe" [2011-05-03 4321112]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19979400]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1601730260-1379543078-2060792534-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CFcatchme;CFcatchme;c:\users\Ashley\AppData\Local\Temp\CFcatchme.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-29 c:\windows\Tasks\At1.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At10.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At11.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At12.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At13.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At14.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At15.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At16.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At17.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At18.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At19.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At2.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At20.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At21.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At22.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At23.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At24.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At3.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At4.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At5.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At6.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At7.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At8.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\At9.job
- c:\programdata\Son83Ntr.exe [2011-11-29 23:17]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1601730260-1379543078-2060792534-1000Core.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 20:20]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1601730260-1379543078-2060792534-1000UA.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 20:20]
.
2011-11-11 c:\windows\Tasks\HPCeeScheduleForAshley.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
2011-11-29 c:\windows\Tasks\WebReg Officejet 6000 E609a Series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2010-05-28 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:62970
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\9j1v10w6.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\03D37I~1.COM
.
**************************************************************************
.
Completion time: 2011-11-29 16:21:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-29 21:21
ComboFix2.txt 2011-11-29 19:58
.
Pre-Run: 215,099,310,080 bytes free
Post-Run: 215,403,491,328 bytes free
.
- - End Of File - - AE331F96E733F38BD6BBEA3D3510D4B1
Upload was successful


----------



## Larusso (Aug 9, 2011)

Hmpf, 
Something is dropping some files again. So let's run a second script here.

Open *notepad* and copy/paste the text in the Code-box below into it:


```
Folder::
c:\windows\system32\x64

AtJob::

File::
c:\windows\system32\03D37iu.com_
c:\programdata\Son83Ntr.exe
c:\windows\system32\03D37I~1.COM
```

 Save this as *CFScript.txt*, in the same location as ComboFix.exe.
 Close any open browsers.
 Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Double click GMER.exe. 

 If asked to allow gmer.sys driver to load, please consent.
 If it gives you a warning about rootkit activity and asks if you want to run scan...click on *NO*.



 In the right panel, you will see several boxes that have been checked. Uncheck the following ...
 *IAT/EAT*
 *Drives/Partition other than Systemdrive* (typically C:\)
 *Show All* (don't miss this one)

 Then click the Scan button & wait for it to finish.
 Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop.

***Caution***
*Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.*

*Please post in your next reply*
Combofix.txt
ark.txt


----------



## vivalamusic (Jan 1, 1970)

Here is the Combo Fix. The ark will be posted as soon as the scan is done.

ComboFix 11-11-28.02 - Ashley 11/29/2011 16:48:13.3.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3002.1786 [GMT -5:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
Command switches used :: c:\users\Ashley\Desktop\CFScript3.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Son83Ntr.exe"
"c:\windows\system32\03D37I~1.COM"
"c:\windows\system32\03D37iu.com_"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Son83Ntr.exe
c:\programdata\Son83Ntr.exe_
c:\windows\system32\03D37I~1.COM
c:\windows\system32\03D37iu.com_
c:\windows\system32\x64
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
----- File Replicators -----
.
c:\documents and settings\All Users\Application Data\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\documents and settings\All Users\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\documents and settings\All Users\Application Data\Temp\{CDD849CF-7442-466F-B026-8C93990A7C3C}\PostBuild.exe
c:\documents and settings\All Users\Application Data\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
c:\documents and settings\All Users\Application Data\WildTangent\oem-eula-sporecc.exe
c:\documents and settings\All Users\Application Data\WildTangent\oem-eula.exe
c:\documents and settings\All Users\NexonUS\NGM\NGM.exe
c:\documents and settings\All Users\Son83Ntr.exe
c:\documents and settings\All Users\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\PostBuild.exe
c:\documents and settings\All Users\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
c:\documents and settings\All Users\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}\PostBuild.exe
c:\documents and settings\All Users\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
c:\documents and settings\All Users\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\documents and settings\All Users\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\documents and settings\All Users\Temp\{CDD849CF-7442-466F-B026-8C93990A7C3C}\PostBuild.exe
c:\documents and settings\All Users\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
c:\documents and settings\All Users\WildTangent\oem-eula-sporecc.exe
c:\documents and settings\All Users\WildTangent\oem-eula.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\NexonUS\NGM\NGM.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Son83Ntr.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\NexonUS\NGM\NGM.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Son83Ntr.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula-sporecc.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\NexonUS\NGM\NGM.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Son83Ntr.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{CDD849CF-7442-466F-B026-8C93990A7C3C}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula-sporecc.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\NexonUS\NGM\NGM.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Son83Ntr.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{CDD849CF-7442-466F-B026-8C93990A7C3C}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula-sporecc.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\NexonUS\NGM\NGM.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Son83Ntr.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{CDD849CF-7442-466F-B026-8C93990A7C3C}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula-sporecc.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\NexonUS\NGM\NGM.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Son83Ntr.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{CDD849CF-7442-466F-B026-8C93990A7C3C}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula-sporecc.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\NexonUS\NGM\NGM.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Son83Ntr.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{CDD849CF-7442-466F-B026-8C93990A7C3C}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula-sporecc.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\NexonUS\NGM\NGM.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Son83Ntr.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{CDD849CF-7442-466F-B026-8C93990A7C3C}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula-sporecc.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\NexonUS\NGM\NGM.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Son83Ntr.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{CDD849CF-7442-466F-B026-8C93990A7C3C}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula-sporecc.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\NexonUS\NGM\NGM.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Son83Ntr.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Temp\{CDD849CF-7442-466F-B026-8C93990A7C3C}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula-sporecc.exe
c:\programdata\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula.exe
c:\programdata\Application Data\Application Data\Application Data\NexonUS\NGM\NGM.exe
c:\programdata\Application Data\Application Data\Application Data\Son83Ntr.exe
c:\programdata\Application Data\Application Data\Application Data\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Temp\{CDD849CF-7442-466F-B026-8C93990A7C3C}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
c:\programdata\Application Data\Application Data\Application Data\WildTangent\oem-eula-sporecc.exe
c:\programdata\Application Data\Application Data\Application Data\WildTangent\oem-eula.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 21:59 . 2011-11-29 21:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-29 11:48 . 2011-11-29 21:59 -------- d-----w- c:\users\Ashley\AppData\Local\temp
2011-11-26 21:15 . 2011-11-26 21:15 -------- d-----w- c:\users\Ashley\AppData\Local\ElevatedDiagnostics
2011-11-26 19:14 . 2011-11-26 19:14 -------- d-----w- c:\users\Ashley\AppData\Roaming\SUPERAntiSpyware.com
2011-11-26 19:04 . 2011-11-26 19:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-26 19:04 . 2011-11-26 19:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-26 19:00 . 2011-11-26 19:00 -------- d-----w- c:\users\Ashley\AppData\Roaming\Malwarebytes
2011-11-26 19:00 . 2011-11-26 19:00 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 19:00 . 2011-11-26 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 19:00 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 04:36 . 2011-10-03 10:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-24 18:41 . 2011-11-26 15:58 -------- d-----w- c:\program files\PC Tools Security
2011-11-24 18:33 . 2011-11-25 04:33 -------- d-----w- c:\programdata\PC Tools
2011-11-22 20:17 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3510A141-4214-4D11-8627-A15AE38768B5}\mpengine.dll
2011-11-20 03:43 . 2011-11-20 03:43 -------- d-----w- c:\program files\iPod
2011-11-20 03:42 . 2011-11-20 03:44 -------- d-----w- c:\program files\iTunes
2011-11-15 23:01 . 2011-11-15 23:01 -------- d-----w- c:\program files\Common Files\Skype
2011-11-15 23:01 . 2011-11-15 23:03 -------- d-----r- c:\program files\Skype
2011-11-14 14:27 . 2011-11-14 14:27 4335776 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-11-12 18:56 . 2011-11-12 18:56 -------- d-----w- c:\programdata\AVS4YOU
2011-11-12 18:56 . 2011-11-12 18:56 -------- d-----w- c:\users\Ashley\AppData\Roaming\AVS4YOU
2011-11-12 18:53 . 2011-11-24 14:27 -------- d-----w- c:\program files\Common Files\AVSMedia
2011-11-12 18:52 . 2011-06-23 18:25 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-11-12 18:52 . 2011-11-24 14:27 -------- d-----w- c:\program files\AVS4YOU
2011-11-12 18:35 . 2011-11-12 18:35 -------- d-----w- c:\programdata\muvee Technologies
2011-11-12 18:35 . 2011-11-12 18:36 -------- d-----w- c:\users\Ashley\AppData\Roaming\muvee Technologies
2011-11-12 18:27 . 2011-11-12 18:27 -------- d-----w- c:\windows\Sun
2011-11-11 22:07 . 2011-11-11 22:07 -------- d-----w- c:\programdata\Wondershare
2011-11-11 22:07 . 2011-11-11 22:07 -------- d-----w- c:\program files\Wondershare
2011-11-08 20:00 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-08 20:00 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 20:00 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 14:21 . 2011-09-11 14:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 10:06 . 2011-09-11 13:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-11 16:31 . 2008-08-06 22:29 353840 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-11 16:31 . 2008-08-06 22:27 505392 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-11 16:30 . 2008-10-23 10:43 1066544 ----a-w- c:\windows\system32\MFC71.dll
2011-09-11 16:30 . 2008-10-23 10:43 1053232 ----a-w- c:\windows\system32\MFC71u.dll
2011-09-06 13:30 . 2011-10-11 20:45 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 13:39 . 2011-10-11 20:44 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-09 19:59 . 2011-09-11 14:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"Aim"="c:\program files\AIM\aim.exe" [2011-05-03 4321112]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19979400]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1601730260-1379543078-2060792534-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CFcatchme;CFcatchme;c:\users\Ashley\AppData\Local\Temp\CFcatchme.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1601730260-1379543078-2060792534-1000Core.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 20:20]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1601730260-1379543078-2060792534-1000UA.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-20 20:20]
.
2011-11-11 c:\windows\Tasks\HPCeeScheduleForAshley.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
2011-11-29 c:\windows\Tasks\WebReg Officejet 6000 E609a Series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2010-05-28 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:62970
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\9j1v10w6.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-MapleStory - c:\programdata\NexonUS\NGM\NGM.exe
AddRemove-{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E} - c:\programdata\NexonUS\NGM\NGM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-29 16:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-29 17:01:52
ComboFix-quarantined-files.txt 2011-11-29 22:01
ComboFix2.txt 2011-11-29 21:24
ComboFix3.txt 2011-11-29 19:58
.
Pre-Run: 215,419,555,840 bytes free
Post-Run: 214,663,716,864 bytes free
.
- - End Of File - - B87E03EE57B84F98AEC5F966FF888168


----------



## vivalamusic (Jan 1, 1970)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-01 06:16:01
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13
Running: sxmw95h0.exe; Driver: C:\Users\Ashley\AppData\Local\Temp\uxdiqpod.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x9048A640]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 1

---- EOF - GMER 1.0.15 ----


----------



## Larusso (Aug 9, 2011)

Hi there,
how is your system behaving now?

I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.


If an update is found, it will download and install the latest version.
Once the program has loaded, select *Perform Quick scan*, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

*Please post in your next reply*
MBAM log


----------



## vivalamusic (Jan 1, 1970)

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8249

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12/1/2011 4:31:46 PM
mbam-log-2011-12-01 (16-31-46).txt

Scan type: Quick scan
Objects scanned: 203751
Time elapsed: 15 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## Larusso (Aug 9, 2011)

Looks good 

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):
*Java(TM) 6 Update 7*

*Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.*

There is a newer version of *Adobe Acrobat Reader* available.

Please go to this link *Adobe Acrobat Reader Download Link*
Untick *Free McAfee® Security Scan Plus* if you do not wish to include this in the installation.
Click Download
On the right Untick *Adobe Photoshop Album Starter Edition* if you do not wish to include this in the installation.
Click the *Continue* button
Click *Run*, and click *Run* again
Next click the *Install Now* button and follow the on screen prompts

When the installation is complete go to *Add/Remove Programs* and uninstall all previous versions.

Go *here* to run an online scanner from ESET.
*Note:* You will need to use *Internet Explorer* for this scan
 Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to *YES, I accept the Terms of Use.*
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option *Remove found threats* is unticked, and the option *Scan unwanted applications* is checked
Click Start
Wait for the scan to finish
Use *notepad* to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log in your next reply.

*Please post in your next reply*
log.txt
note any open issues


----------



## vivalamusic (Jan 1, 1970)

C:\Documents and Settings\Ashley\AppData\Local\Mozilla\Firefox\Profiles\9j1v10w6.default\Cache\2\A1\138D6d01 HTML/Fraud.BD.Gen trojan
C:\Documents and Settings\Ashley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\773490-50637e06 a variant of Win32/Kryptik.WFA trojan
C:\Documents and Settings\Ashley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\c5b5036-136e914b a variant of Win32/Kryptik.VIC trojan
C:\Qoobox\Quarantine\[4]-Submit_2011-11-29_16.02.29.zip a variant of Win32/Kryptik.VRX trojan
C:\Qoobox\Quarantine\C\ProgramData\Son83Ntr.exe.vir a variant of Win32/Kryptik.VRX trojan
C:\Qoobox\Quarantine\C\ProgramData\Son83Ntr.exe_.vir a variant of Win32/Kryptik.VRX trojan
C:\Qoobox\Quarantine\C\Users\Ashley\AppData\Roaming\firefox.exe.vir Win32/Cycbot.AK trojan
C:\Qoobox\Quarantine\C\Users\Ashley\AppData\Roaming\java.exe.vir a variant of Win32/Kryptik.WFA trojan
C:\Qoobox\Quarantine\C\Users\Ashley\AppData\Roaming\mFF44pmG5sQJd\AV Protection 2011v121.exe.vir a variant of Win32/Kryptik.WFA trojan
C:\Qoobox\Quarantine\C\Users\Ashley\AppData\Roaming\Microsoft\4606\240E.tmp.vir a variant of Win32/Kryptik.VZB trojan
C:\Qoobox\Quarantine\C\Windows\System32\03D37I~1.COM.vir a variant of Win32/Kryptik.VRX trojan
C:\Qoobox\Quarantine\C\Windows\System32\drivers\cdrom.sys.vir a variant of Win32/Rootkit.Kryptik.FE trojan
C:\Qoobox\Quarantine\Replicators\2FB92850E385D5C54B7E678E336B5471 a variant of Win32/Kryptik.VRX trojan
C:\Users\Ashley\AppData\Local\Mozilla\Firefox\Profiles\9j1v10w6.default\Cache\2\A1\138D6d01 HTML/Fraud.BD.Gen trojan
C:\Users\Ashley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\773490-50637e06 a variant of Win32/Kryptik.WFA trojan
C:\Users\Ashley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\c5b5036-136e914b a variant of Win32/Kryptik.VIC trojan


----------



## Larusso (Aug 9, 2011)

Looks good. 
Most of the detections are in the quarantine of Combofix and will be flushed at the end of the fix.

We will take care of the other ones now.

Please download *TFC* by OldTimer to your desktop.


 Close any open windows.
 Please double-click *TFC.exe* to run it.
*Vista and Win7 Users*: Please right-click on the file and choose *Run As Administrator*.
 TFC will close all open programs itself in order to run.
 Click the Start button to begin the process
 Allow TFC to run uninterrupted.
 The program should not take long to finish its job.
 Once it's finished it should automatically *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

It's normal after running TFC cleaner that the PC will be slower to boot the first time.

Please launch *DDS*
When done, DDS will open two (2) logs:
 DDS.txt
 Attach.txt

Save both reports to your desktop and post both in your next reply

*Please post in your next reply*
dds.txt
attach.txt
Note any open issues
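
A triage of the ESET log along the lines of the reply above, as an added example that is not part of the original thread: it separates detections already held in ComboFix's `C:\Qoobox\Quarantine` folder from those still on disk, and folds the `C:\Documents and Settings` paths into their `C:\Users` equivalents (on Vista the former is a junction to the latter, so those entries are the same files listed twice). The function names and the line pattern are assumptions based on the log layout shown in the thread.

```python
import re

# Lines copied from the ESET log posted earlier in the thread (a subset, to keep this short).
ESET_LOG = r"""
C:\Documents and Settings\Ashley\AppData\Local\Mozilla\Firefox\Profiles\9j1v10w6.default\Cache\2\A1\138D6d01 HTML/Fraud.BD.Gen trojan
C:\Documents and Settings\Ashley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\773490-50637e06 a variant of Win32/Kryptik.WFA trojan
C:\Documents and Settings\Ashley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\c5b5036-136e914b a variant of Win32/Kryptik.VIC trojan
C:\Qoobox\Quarantine\[4]-Submit_2011-11-29_16.02.29.zip a variant of Win32/Kryptik.VRX trojan
C:\Qoobox\Quarantine\C\Users\Ashley\AppData\Roaming\firefox.exe.vir Win32/Cycbot.AK trojan
C:\Qoobox\Quarantine\C\Users\Ashley\AppData\Roaming\mFF44pmG5sQJd\AV Protection 2011v121.exe.vir a variant of Win32/Kryptik.WFA trojan
C:\Qoobox\Quarantine\C\Windows\System32\drivers\cdrom.sys.vir a variant of Win32/Rootkit.Kryptik.FE trojan
C:\Users\Ashley\AppData\Local\Mozilla\Firefox\Profiles\9j1v10w6.default\Cache\2\A1\138D6d01 HTML/Fraud.BD.Gen trojan
C:\Users\Ashley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\773490-50637e06 a variant of Win32/Kryptik.WFA trojan
C:\Users\Ashley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\c5b5036-136e914b a variant of Win32/Kryptik.VIC trojan
"""

# Assumed layout: "<path> <detection name> <kind>". The path may contain spaces;
# the detection name is the only field with a forward slash and may be
# prefixed by "a variant of".
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<name>(?:a variant of )?\w+/[\w.]+)\s+(?P<kind>\w+)$"
)

QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
LEGACY_PROFILE_ROOT = "c:\\documents and settings\\"


def normalise(path):
    """Rewrite the legacy 'Documents and Settings' alias to C:\\Users."""
    if path.lower().startswith(LEGACY_PROFILE_ROOT):
        return "C:\\Users\\" + path[len(LEGACY_PROFILE_ROOT):]
    return path


def triage(log_text):
    """Split detections into quarantined copies and files still on disk.

    Returns a dict with three lists: 'quarantined' and 'live' hold
    (path, detection name) tuples, 'unparsed' holds lines that did not
    match the assumed layout so nothing is dropped silently.
    """
    quarantined, live, unparsed = [], {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            unparsed.append(line)
            continue
        path = normalise(match.group("path"))
        entry = (path, match.group("name"))
        if path.lower().startswith(QUARANTINE_PREFIX):
            quarantined.append(entry)
        else:
            # Windows paths are case-insensitive: key on the lower-cased
            # path so the junction alias and the real path collapse to one.
            live.setdefault(path.lower(), entry)
    return {
        "quarantined": quarantined,
        "live": list(live.values()),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(ESET_LOG)
    print("Already quarantined:", len(result["quarantined"]))
    print("Still on disk (unique files):")
    for path, name in result["live"]:
        print("  ", name, "->", path)
    for line in result["unparsed"]:
        print("Could not parse:", line)
```

On the sample, the files still on disk all sit in the Firefox and Java cache folders.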


----------



## vivalamusic (Jan 1, 1970)

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_29
Run by Ashley at 11:02:29 on 2011-12-04
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3002.1668 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D1A7D160-A066-4283-AA6A-D6E291EE1173} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ashley\appdata\roaming\mozilla\firefox\profiles\9j1v10w6.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\ashley\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-22 1153368]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-01 22:50:30 -------- d-----w- c:\program files\ESET
2011-11-29 22:01:56 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-29 11:48:58 -------- d-----w- c:\users\ashley\appdata\local\temp
2011-11-29 03:50:16 518144 ----a-w- c:\windows\SWREG.exe
2011-11-29 03:50:16 256000 ----a-w- c:\windows\PEV.exe
2011-11-29 03:50:16 208896 ----a-w- c:\windows\MBR.exe
2011-11-29 03:50:15 98816 ----a-w- c:\windows\sed.exe
2011-11-26 21:15:34 -------- d-----w- c:\users\ashley\appdata\local\ElevatedDiagnostics
2011-11-26 19:14:58 -------- d-----w- c:\users\ashley\appdata\roaming\SUPERAntiSpyware.com
2011-11-26 19:04:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-26 19:04:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-26 19:00:19 -------- d-----w- c:\users\ashley\appdata\roaming\Malwarebytes
2011-11-26 19:00:10 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 19:00:07 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 19:00:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 04:36:29 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-11-24 18:41:20 -------- d-----w- c:\program files\PC Tools Security
2011-11-24 18:33:06 -------- d-----w- c:\programdata\PC Tools
2011-11-22 20:17:49 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3510a141-4214-4d11-8627-a15ae38768b5}\mpengine.dll
2011-11-20 03:43:03 -------- d-----w- c:\program files\iPod
2011-11-20 03:42:57 -------- d-----w- c:\program files\iTunes
2011-11-15 23:01:48 -------- d-----r- c:\program files\Skype
2011-11-14 14:27:26 4335776 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2011-11-12 18:56:19 -------- d-----w- c:\programdata\AVS4YOU
2011-11-12 18:56:07 -------- d-----w- c:\users\ashley\appdata\roaming\AVS4YOU
2011-11-12 18:53:39 -------- d-----w- c:\program files\common files\AVSMedia
2011-11-12 18:52:03 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-11-12 18:52:02 -------- d-----w- c:\program files\AVS4YOU
2011-11-11 22:07:40 -------- d-----w- c:\programdata\Wondershare
2011-11-11 22:07:11 -------- d-----w- c:\program files\Wondershare
2011-11-08 20:00:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-08 20:00:36 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 20:00:20 707584 ----a-w- c:\program files\common files\system\wab32.dll
.
==================== Find3M ====================
.
2011-11-12 14:21:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-11 16:31:00 505392 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-11 16:31:00 353840 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-11 16:30:59 1066544 ----a-w- c:\windows\system32\MFC71.dll
2011-09-11 16:30:59 1053232 ----a-w- c:\windows\system32\MFC71u.dll
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:03:36.08 ===============


----------



## vivalamusic (Jan 1, 1970)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 9/11/2011 12:16:59 PM
System Uptime: 12/4/2011 10:58:27 AM (1 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 203.054 GiB free.
E: is FIXED (NTFS) - 11 GiB total, 1.705 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
6000E609_eDocs
6000E609_Help
6000E609a
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.4.6
Adobe Reader X (10.1.1)
Adobe Shockwave Player
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Bonjour
BPDSoftware
BPDSoftware_Ini
BufferChm
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
DeviceDiscovery
Download Updater (AOL LLC)
ESET Online Scanner v3
ESU for Microsoft Vista
Google Chrome
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Imaging Device Functions 14.0
HP Officejet 6000 E609 Series
HP Quick Launch Buttons 6.40 H2
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPProductAssistant
HPSSupply
HPTCSSetup
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 6 Update 7
Juno Preloader
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Live Search Toolbar
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetWaiting
Network
NetZero Preloader
Norton Internet Security
Power2Go
PowerDirector
ProductContext
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Shop for HP Supplies
Skype Click to Call
Skype 5.6
SmartWebPrinting
SolutionCenter
Spotify
Spybot - Search & Destroy
Status
SUPERAntiSpyware
Synaptics Pointing Device Driver
The Sims Life Stories
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Office 2007 (KB934528)
WebReg
.
==== Event Viewer Messages From Past Week ========
.
12/4/2011 12:35:01 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/4/2011 12:33:31 AM, Error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
12/3/2011 11:25:02 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00242C1FC72A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
12/1/2011 5:47:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/1/2011 5:47:27 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/1/2011 5:47:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/1/2011 10:08:40 PM, Error: EventLog [6008] - The previous system shutdown at 10:06:33 PM on 12/1/2011 was unexpected.
11/30/2011 6:27:06 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00242C1FC72A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/30/2011 5:34:20 PM, Error: EventLog [6008] - The previous system shutdown at 5:33:13 PM on 11/30/2011 was unexpected.
11/30/2011 11:05:33 AM, Error: EventLog [6008] - The previous system shutdown at 11:04:01 AM on 11/30/2011 was unexpected.
11/29/2011 6:32:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00242C1FC72A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/29/2011 4:59:40 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/29/2011 4:44:54 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================


----------



## Larusso (Aug 9, 2011)

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):
*Java(TM) 6 Update 7*

I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware.

Here are a few very good free Antivirus products which are available:
*Avast!*
*Microsoft Security Essentials*
 Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Install, update definitions, and run a full system scan with the Anti-Virus of your choice.

Unless you do not have any open issues, you are good to go.
Please follow these last few steps 

Please press the Windows + R Key and Copy/Paste the following single-line command into the Run box and click OK

*combofix /uninstall*

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

Now that you appear to be free from malware, let's help you stay that way!

It is vital that you keep your system *up to date*

Please enable Automatic Updates to keep your system up to date.
 *Windows Updates*
*Win XP*: Start --> Control Panel and double- click on Automatic Updates.
*Vista / 7*: Start --> Control Panel --> System and Security --> Windows Updates

 *Software Updates*
Your installed Software also can have vulnerabilities that malware can use to infect your system.
To keep your installed Software up to date I recommend *File Hippo*.

*Anti Virus Software*

 Make sure to have *one* Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.

*Additional Protection*

 *Malwarebytes Anti Malware*
The freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
 *WinPatrol*
WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

*Safer Browsing*

 *Web of Trust ( WOT )*
This software helps you to stay away from sites that have malicious purposes.
 *SpywareBlaster*
This software helps prevent the installation of ActiveX-based spyware
 *MVPS Hosts file*
This Hosts File will restrict known ad sites from serving you unsolicited advertisements.

*Use an alternate browser*
Other browsers tend to be more secure than IE as they do not make use of active x objects. Active x objects can be used by spyware as an infection point on your computer.

 *Opera*
 *Firefox*
*Note*: If you use Firefox you may want to have a look at these Add-ons.
 *AdblockPlus* https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/ ( Blocks advertisements )
 *NoScript* https://addons.mozilla.org/en-US/firefox/addon/noscript/ ( Blocks Java, Flash and JavaScript )

*Computer Maintenance*
Clean out your temp files on a regular basis - I recommend *TFC* ( Temp File Cleaner ).

*Thinking while surfing*
*There is no software which will protect your system from yourself.* 
I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet.

 Staying Safe on the Internet ( by Glaswegian )
 Making Internet Explorer Safer.
 Think Prevention!

If you have any questions kindly ask.

*Please respond to this thread one more time and click on the MARK SOLVED Button at the top of your first post.*


----------



## vivalamusic (Jan 1, 1970)

Hi there,

Thank you so much for helping me out. Should I keep the .txt? The DDS and ark and combofix ones. Or should I delete them? And is having Spybot, Malwarebytes by Anti-Malware and SuperAntiSpyware Free Edition too much?


----------



## Larusso (Aug 9, 2011)

You are welcome



> You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.


My recommendations are in the prevention speech and I would uninstall SuperAntiSpyware.


----------



## vivalamusic (Jan 1, 1970)

Alright, thank you.


----------

