Jump to content

CDL_1976

Honorary Members
  • Posts

    22
  • Joined

  • Last visited

Everything posted by CDL_1976

  1. Marius, All done! I am extremely grateful to you for the speed, patience and reliability with which you provided me advice to address this problem. I had not the slightest idea of how to remedy it myself, and the only solution in the absence of your advice would have been to revert my computer to its factory settings. Your solution has been, needless to say, immeasurably more preferable than the crude one to which I would have had no choice but to resort were I not to have benefited from your expertise. I should like to make, and will make, a donation in gratitude for the support you offered gratuitously. This donation cannot, regrettably, approach the value of what I would have lost were the infection to have done its dirty work before your guided intervention. However, I hope it will, though a small gesture, reflect my indebtedness to you and help you to continue in giving the assistance to others that has been so beneficial to me.
  2. Log from Security Check: Results of screen317's Security Check version 0.99.73 Windows Vista Service Pack 2 x86 (UAC is enabled) ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! Kaspersky PURE 3.0 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 40 Java version out of Date! Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (23.0.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe Kaspersky Lab Kaspersky PURE 3.0 avp.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
  3. Log from AdwCleaner: # AdwCleaner v3.004 - Report created 16/09/2013 at 21:52:12 # Updated 15/09/2013 by Xplode # Operating System : Windows Vista Home Premium Service Pack 2 (32 bits) # Username : C D Larcombe - CDLARCOMBE-PC # Running from : C:\Users\C D Larcombe\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Premium Folder Deleted : C:\ProgramData\CodecCheck Folder Deleted : C:\Users\C D Larcombe\AppData\Local\Babylon Folder Deleted : C:\Users\C D Larcombe\AppData\Local\Coupon Companion Plugin Folder Deleted : C:\Users\C D Larcombe\AppData\Local\OpenCandy Folder Deleted : C:\Users\C D Larcombe\AppData\LocalLow\BabylonToolbar Folder Deleted : C:\Users\C D Larcombe\AppData\LocalLow\boost_interprocess Folder Deleted : C:\Users\C D Larcombe\AppData\Roaming\Babylon Folder Deleted : C:\Users\C D Larcombe\AppData\Roaming\SearchYa Folder Deleted : C:\Users\C D Larcombe\AppData\Roaming\Mozilla\Firefox\Profiles\5waw5psb.default\ConduitCommon Folder Deleted : C:\Users\C D Larcombe\AppData\Roaming\Mozilla\Firefox\Profiles\5waw5psb.default\SweetIMToolbarData File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon.lnk File Deleted : C:\Users\C D Larcombe\AppData\Roaming\Mozilla\Firefox\Profiles\5waw5psb.default\foxydeal.sqlite File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml File Deleted : C:\Users\C D Larcombe\AppData\Roaming\Mozilla\Firefox\Profiles\5waw5psb.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin Key Deleted : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\BabyDict Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1 Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1 Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile Key Deleted : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc Key Deleted : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc.1 Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe Value Deleted : HKLM\SOFTWARE\mozilla\Firefox\Extensions [crossriderapp435@crossrider.com] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{819DC4CA-4FFF-4C2E-800D-F346471D99BC} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Babylon Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Headlight Key Deleted : HKCU\Software\searchya Key Deleted : HKCU\Software\searchya.com Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\InstallCore Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Crossrider Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.19458 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] -\\ Mozilla Firefox v23.0.1 (en-GB) [ File : C:\Users\C D Larcombe\AppData\Roaming\Mozilla\Firefox\Profiles\5waw5psb.default\prefs.js ] Line Deleted : user_pref("CT1460988.CTID", "CT1460988"); Line Deleted : user_pref("CT1460988.CommunitiesChangesLastCheckTime", "Thu May 28 2009 13:43:40 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("CT1460988.CommunityChanged", true); Line Deleted : user_pref("CT1460988.EMailNotifierPollDate", "Thu May 28 2009 13:48:42 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("CT1460988.FeedPollDate128460898315556274", "Thu May 28 2009 13:43:40 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("CT1460988.FeedPollDate128460899415556929", "Thu May 28 2009 13:43:40 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("CT1460988.FeedPollDate128460899564463182", "Thu May 28 2009 13:43:40 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("CT1460988.FeedPollDate128460899661963361", "Thu May 28 2009 13:43:40 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("CT1460988.FeedPollDate128460899768994715", "Thu May 28 2009 13:43:41 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("CT1460988.FeedPollDate128479826070094154", "Thu May 28 2009 13:43:41 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("CT1460988.FirstTime", true); Line Deleted : user_pref("CT1460988.FirstTimeFF3", true); Line Deleted : user_pref("CT1460988.FixPageNotFoundErrors", true); Line Deleted : user_pref("CT1460988.GroupingLastCheckTime", "Thu May 28 2009 13:43:40 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("CT1460988.GroupingLastErrorCode", ""); Line Deleted : user_pref("CT1460988.GroupingLastResponse", true); Line Deleted : user_pref("CT1460988.GroupingLastServerUpdateTime", "128865147360900000"); Line Deleted : user_pref("CT1460988.Initialize", true); Line Deleted : user_pref("CT1460988.InitializeCommonPrefs", true); Line Deleted : user_pref("CT1460988.InvalidateCache", false); Line Deleted : user_pref("CT1460988.IsGrouping", true); Line Deleted : user_pref("CT1460988.IsMulticommunity", false); Line Deleted : user_pref("CT1460988.IsOpenThankYouPage", true); Line Deleted : user_pref("CT1460988.IsOpenUninstallPage", true); Line Deleted : user_pref("CT1460988.LastLogin", "Thu May 28 2009 13:43:39 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("CT1460988.LoginCache", "4"); Line Deleted : user_pref("CT1460988.MCDetectTooltipHeight", "83"); Line Deleted : user_pref("CT1460988.MCDetectTooltipWidth", "295"); Line Deleted : user_pref("CT1460988.MyGadgetsTrustedDomains", "u-page.com"); Line Deleted : user_pref("CT1460988.RadioIsPodcast", false); Line Deleted : user_pref("CT1460988.RadioLastCheckTime", "Thu May 28 2009 13:46:13 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("CT1460988.RadioLastUpdateIPServer", "4"); Line Deleted : user_pref("CT1460988.RadioLastUpdateServer", "128865147360900000"); Line Deleted : user_pref("CT1460988.RadioMediaID", "6820481"); Line Deleted : user_pref("CT1460988.RadioMediaType", "Media Player"); Line Deleted : user_pref("CT1460988.RadioMenuSelectedID", "EBRadioMenu_CT14609886820481"); Line Deleted : user_pref("CT1460988.RadioStationName", "100.7%20FM%20ICRT"); Line Deleted : user_pref("CT1460988.SHRINK_TOOLBAR", 1); Line Deleted : user_pref("CT1460988.SearchFromAddressBarIsInit", true); Line Deleted : user_pref("CT1460988.ThirdPartyComponentsInterval", "72"); Line Deleted : user_pref("CT1460988.UserID", "UN20090528134339285"); Line Deleted : user_pref("CT1460988.WeatherNetwork", ""); Line Deleted : user_pref("CT1460988.WeatherPollDate", "Thu May 28 2009 13:43:42 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("CT1460988.WeatherUnit", "C"); Line Deleted : user_pref("CT1460988.ct1460988.AllowNonPrivacy", false); Line Deleted : user_pref("CT1460988.ct1460988.CommunityChanged", false); Line Deleted : user_pref("CT1460988.ct1460988.DialogsAlignMode", "LTR"); Line Deleted : user_pref("CT1460988.ct1460988.FeedLastCount128460900971181341", 147); Line Deleted : user_pref("CT1460988.ct1460988.GroupingInvalidateCache", false); Line Deleted : user_pref("CT1460988.ct1460988.GroupingLastCheckTime", "Thu May 28 2009 13:43:40 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("CT1460988.ct1460988.GroupingLastErrorCode", ""); Line Deleted : user_pref("CT1460988.ct1460988.GroupingLastResponse", true); Line Deleted : user_pref("CT1460988.ct1460988.GroupingLastServerUpdateTime", "128865147360900000"); Line Deleted : user_pref("CT1460988.ct1460988.InvalidateCache", false); Line Deleted : user_pref("CT1460988.ct1460988.LanguagePackLastCheckTime", "Thu May 28 2009 13:43:45 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("CT1460988.ct1460988.LanguagePackReloadInterval", "24"); Line Deleted : user_pref("CT1460988.ct1460988.Locale", "en-us"); Line Deleted : user_pref("CT1460988.ct1460988.RadioLastCheckTime", "Thu May 28 2009 13:43:44 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("CT1460988.ct1460988.RadioLastUpdateIPServer", "4"); Line Deleted : user_pref("CT1460988.ct1460988.RadioLastUpdateServer", "128865147360900000"); Line Deleted : user_pref("CT1460988.ct1460988.SettingsInvalidateCache", false); Line Deleted : user_pref("CT1460988.ct1460988.SettingsLastUpdate", "1242298758"); Line Deleted : user_pref("CT1460988.ct1460988.ThirdPartyComponentsLastCheck", "Thu May 28 2009 13:43:40 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("CT1460988.ct1460988.ThirdPartyComponentsLastUpdate", "1242297280"); Line Deleted : user_pref("CT1460988.ct1460988.ToolbarAlignMode", "SYSTEM"); Line Deleted : user_pref("CT1460988.ct1460988.VusualLastUpdateTime", "1242033936"); Line Deleted : user_pref("CT2653012..clientLogIsEnabled", true); Line Deleted : user_pref("CT2653012.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Line Deleted : user_pref("CT2653012.BrowserCompStateIsOpen_129514968327663878", true); Line Deleted : user_pref("CT2653012.BrowserCompStateIsOpen_129653180391256971", true); Line Deleted : user_pref("CT2653012.CTID", "CT2653012"); Line Deleted : user_pref("CT2653012.CurrentServerDate", "3-1-2012"); Line Deleted : user_pref("CT2653012.DSInstall", true); Line Deleted : user_pref("CT2653012.DialogsAlignMode", "LTR"); Line Deleted : user_pref("CT2653012.DialogsGetterLastCheckTime", "Tue Jan 03 2012 22:05:37 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("CT2653012.DownloadReferralCookieData", ""); Line Deleted : user_pref("CT2653012.FirstServerDate", "3-1-2012"); Line Deleted : user_pref("CT2653012.FirstTime", true); Line Deleted : user_pref("CT2653012.FirstTimeFF3", true); Line Deleted : user_pref("CT2653012.FixPageNotFoundErrors", true); Line Deleted : user_pref("CT2653012.GroupingServerCheckInterval", 1440); Line Deleted : user_pref("CT2653012.HPInstall", true); Line Deleted : user_pref("CT2653012.HasUserGlobalKeys", true); Line Deleted : user_pref("CT2653012.HomePageProtectorEnabled", true); Line Deleted : user_pref("CT2653012.Initialize", true); Line Deleted : user_pref("CT2653012.InitializeCommonPrefs", true); Line Deleted : user_pref("CT2653012.InstallationAndCookieDataSentCount", 1); Line Deleted : user_pref("CT2653012.InstallationType", "ConduitIntegration"); Line Deleted : user_pref("CT2653012.InstalledDate", "Tue Jan 03 2012 22:05:36 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("CT2653012.InvalidateCache", false); Line Deleted : user_pref("CT2653012.IsGrouping", false); Line Deleted : user_pref("CT2653012.IsInitSetupIni", true); Line Deleted : user_pref("CT2653012.IsMulticommunity", false); Line Deleted : user_pref("CT2653012.IsOpenThankYouPage", false); Line Deleted : user_pref("CT2653012.IsOpenUninstallPage", true); Line Deleted : user_pref("CT2653012.IsProtectorsInit", true); Line Deleted : user_pref("CT2653012.LanguagePackLastCheckTime", "Tue Jan 03 2012 22:05:38 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("CT2653012.LanguagePackReloadIntervalMM", 1440); Line Deleted : user_pref("CT2653012.LastLogin_3.8.1.0", "Tue Jan 03 2012 22:05:38 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("CT2653012.LatestVersion", "3.8.1.0"); Line Deleted : user_pref("CT2653012.Locale", "en"); Line Deleted : user_pref("CT2653012.MCDetectTooltipHeight", "83"); Line Deleted : user_pref("CT2653012.MCDetectTooltipWidth", "295"); Line Deleted : user_pref("CT2653012.MyStuffEnabledAtInstallation", true); Line Deleted : user_pref("CT2653012.OriginalFirstVersion", "3.8.1.0"); Line Deleted : user_pref("CT2653012.RadioLastCheckTime", "Tue Jan 03 2012 22:05:41 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("CT2653012.RadioLastUpdateIPServer", "3"); Line Deleted : user_pref("CT2653012.RadioLastUpdateServer", "129438915777300000"); Line Deleted : user_pref("CT2653012.RadioShrinkedFromSetup", false); Line Deleted : user_pref("CT2653012.SearchCaption", "Veoh Web Player Customized Web Search"); Line Deleted : user_pref("CT2653012.SearchEngineBeforeUnload", "Veoh Web Player Customized Web Search"); Line Deleted : user_pref("CT2653012.SearchFromAddressBarIsInit", true); Line Deleted : user_pref("CT2653012.SearchInNewTabEnabled", true); Line Deleted : user_pref("CT2653012.SearchInNewTabIntervalMM", 1440); Line Deleted : user_pref("CT2653012.SearchInNewTabLastCheckTime", "Tue Jan 03 2012 22:05:38 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("CT2653012.SearchProtectorEnabled", true); Line Deleted : user_pref("CT2653012.SearchProtectorToolbarDisabled", true); Line Deleted : user_pref("CT2653012.SendProtectorDataViaLogin", true); Line Deleted : user_pref("CT2653012.ServiceMapLastCheckTime", "Tue Jan 03 2012 22:05:35 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("CT2653012.SettingsLastCheckTime", "Tue Jan 03 2012 22:05:36 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("CT2653012.SettingsLastUpdate", "1324837036"); Line Deleted : user_pref("CT2653012.ThirdPartyComponentsInterval", 504); Line Deleted : user_pref("CT2653012.ThirdPartyComponentsLastCheck", "Tue Jan 03 2012 22:05:35 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("CT2653012.ThirdPartyComponentsLastUpdate", "1312887586"); Line Deleted : user_pref("CT2653012.ToolbarDisabled", true); Line Deleted : user_pref("CT2653012.ToolbarShrinkedFromSetup", false); Line Deleted : user_pref("CT2653012.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...] Line Deleted : user_pref("CT2653012.UserID", "UN52062570993313769"); Line Deleted : user_pref("CT2653012.alertChannelId", "1045667"); Line Deleted : user_pref("CT2653012.backendstorage.cbfirsttime", "547565204A616E20303320323031322032323A30353A343320474D542B313130302028415553204561737465726E204461796C696768742054696D6529"); Line Deleted : user_pref("CT2653012.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365"); Line Deleted : user_pref("CT2653012.backendstorage.url_history", "687474703A2F2F7777772E316368616E6E656C2E63682F65787465726E616C2E7068703F7469746C653D496B6972752675726C3D6148523063446F764C335A6C5A57686B4C6D4E7662533[...] Line Deleted : user_pref("CT2653012.backendstorage.url_history_time", "31333235353838373734393132"); Line Deleted : user_pref("CT2653012.globalFirstTimeInfoLastCheckTime", "Tue Jan 03 2012 22:05:37 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("CT2653012.homepageProtectorEnableByLogin", true); Line Deleted : user_pref("CT2653012.initDone", true); Line Deleted : user_pref("CT2653012.isAppTrackingManagerOn", true); Line Deleted : user_pref("CT2653012.isFirstRadioInstallation", false); Line Deleted : user_pref("CT2653012.myStuffEnabled", true); Line Deleted : user_pref("CT2653012.myStuffPublihserMinWidth", 400); Line Deleted : user_pref("CT2653012.myStuffServiceIntervalMM", 1440); Line Deleted : user_pref("CT2653012.revertSettingsEnabled", true); Line Deleted : user_pref("CT2653012.searchProtectorDialogDelayInSec", 10); Line Deleted : user_pref("CT2653012.searchProtectorEnableByLogin", true); Line Deleted : user_pref("CT2653012.testingCtid", ""); Line Deleted : user_pref("CT2653012.toolbarAppMetaDataLastCheckTime", "Tue Jan 03 2012 22:05:37 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("CT2653012.toolbarContextMenuLastCheckTime", "Tue Jan 03 2012 22:05:40 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("CT2653012.usagesFlag", 2); Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Veoh Web Player Customized Web Search"); Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0"); Line Deleted : user_pref("CommunityToolbar.MyGadgetsIntervalMM", 1440); Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1460988,CT2653012"); Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1460988,CT2653012"); Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2653012"); Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60); Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Nov 29 2010 03:14:59 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Nov 29 2010 03:14:58 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1283688156"); Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Line Deleted : user_pref("CommunityToolbar.alert.userId", "{2e4ada03-2891-45e6-9581-5c0d9290f5de}"); Line Deleted : user_pref("CommunityToolbar.globalUserId", "19f36c51-05b9-4bce-be1c-5c474a5e2c3d"); Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2653012"); Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Jan 03 2012 22:05:50 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Jan 03 2012 22:05:36 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Line Deleted : user_pref("CommunityToolbar.notifications.userId", "102db09e-0eae-4a2b-bd69-ca5051f984e1"); Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "WR French-English"); Line Deleted : user_pref("browser.search.defaultenginename", "SearchYa!"); Line Deleted : user_pref("browser.search.defaultthis.engineName", "Veoh Web Player Customized Web Search"); Line Deleted : user_pref("browser.search.order.1", "SearchYa!"); Line Deleted : user_pref("extensions.crossrider.bic", "133785c18454abc338330453ba41e709"); Line Deleted : user_pref("extensions.crossriderapp435.435.active", true); Line Deleted : user_pref("extensions.crossriderapp435.435.affid", "0"); Line Deleted : user_pref("extensions.crossriderapp435.435.backgroundver", 8); Line Deleted : user_pref("extensions.crossriderapp435.435.certdomaininstaller", ""); Line Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.value", "%221330230092%22"); Line Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_geo.expiration", "Sun Jun 10 2012 21:37:22 GMT+1000 (AUS Eastern Standard Time)"); Line Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_geo.value", "%7B%22geoplugin_request%22%3A%22121.216.241.42%22%2C%22geoplugin_status%22%3A200%2C%22geoplugin_city%22%3A%22Sydney%22%2C%22geoplugi[...] Line Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.value", "%2214974%22"); Line Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.value", "%2221269%22"); Line Deleted : user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.expiration", "Fri Feb 01 2030 00:00:00 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.value", "435"); Line Deleted : user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.value", "14969"); Line Deleted : user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.expiration", "Fri Feb 01 2030 00:00:00 GMT+1100 (AUS Eastern Daylight Time)"); Line Deleted : user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.value", "%222993%22"); Line Deleted : user_pref("extensions.crossriderapp435.435.description", "Premiumplay Codec check"); Line Deleted : user_pref("extensions.crossriderapp435.435.domain", ""); Line Deleted : user_pref("extensions.crossriderapp435.435.emailsig", ""); Line Deleted : user_pref("extensions.crossriderapp435.435.exposesites", ""); Line Deleted : user_pref("extensions.crossriderapp435.435.fbremoteurl", ""); Line Deleted : user_pref("extensions.crossriderapp435.435.group", 0); Line Deleted : user_pref("extensions.crossriderapp435.435.homepage", ""); Line Deleted : user_pref("extensions.crossriderapp435.435.iframe", false); Line Deleted : user_pref("extensions.crossriderapp435.435.name", "Codec-V"); Line Deleted : user_pref("extensions.crossriderapp435.435.premium", true); Line Deleted : user_pref("extensions.crossriderapp435.435.publisher", "Premiumplay"); Line Deleted : user_pref("extensions.crossriderapp435.435.settingsurl", ""); Line Deleted : user_pref("extensions.crossriderapp435.435.thankyou", ""); Line Deleted : user_pref("extensions.crossriderapp435.435.ver", 51); Line Deleted : user_pref("extensions.crossriderapp435.apps", "435"); Line Deleted : user_pref("extensions.crossriderapp435.bic", "133785c18454abc338330453ba41e709"); Line Deleted : user_pref("extensions.crossriderapp435.cid", 435); Line Deleted : user_pref("extensions.crossriderapp435.firstrun", false); Line Deleted : user_pref("extensions.crossriderapp435.hadappinstalled", true); Line Deleted : user_pref("extensions.crossriderapp435.installationdate", 1330230078); Line Deleted : user_pref("extensions.crossriderapp435.jsver", 3); Line Deleted : user_pref("extensions.crossriderapp435.lastcheck", 22318932); Line Deleted : user_pref("extensions.crossriderapp435.lastcheckitem", 22319125); Line Deleted : user_pref("extensions.crossriderapp435.misc.lastBgWorkerTimer", "1339147504212"); Line Deleted : user_pref("extensions.crossriderapp435.misc.lastDomWorkerTimer", "1339147504211"); Line Deleted : user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6,{6D898772-AD34-4c16-86BB-9DE787A5DEA0}:1.10,{CAFEEFAC-0016-0000-0013-ABC[...] Line Deleted : user_pref("extensions.facemoods._xpiupdate", true); Line Deleted : user_pref("extensions.facemoods.aflt", "_#wbst"); Line Deleted : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.3"); Line Deleted : user_pref("extensions.facemoods.id", "_#713a08b920644fed8a4bbf7ace04734c"); Line Deleted : user_pref("extensions.facemoods.instlDay", "_#15248"); Line Deleted : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com"); Line Deleted : user_pref("extensions.facemoods.sid", "_#713a08b920644fed8a4bbf7ace04734c"); Line Deleted : user_pref("extensions.facemoods.uninst", true); Line Deleted : user_pref("extensions.facemoods.update", "_#v1.4.0"); Line Deleted : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5"); Line Deleted : user_pref("extensions.searchya.cntry", "AU"); Line Deleted : user_pref("extensions.searchya.hdrMd5", "2F705E2A2DF8E5E694C1E135F807C121"); Line Deleted : user_pref("extensions.searchya.lastVrsnTs", "1.8.8.02:18:14"); Line Deleted : user_pref("extensions.searchya.pnu_base", "{\"newVrsn\":\"35\",\"lastVrsn\":\"35\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}"); Line Deleted : user_pref("extensions.searchya.sg", "none"); Line Deleted : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision=\"1.5.2\">\r\n <sites>\r\n <searchsite MatchesDomain=\"google.\" MatchesPath=\"/search\" [...] Line Deleted : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2"); Line Deleted : user_pref("extensions.veohsearchrecs.id", "c1a8e5843-2c95-5339-0b67-7edca289749"); Line Deleted : user_pref("extensions.veohsearchrecs.lastsitedate", "30"); Line Deleted : user_pref("extensions.veohsearchrecs.veohenabled", "false"); Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false"); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web"); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10"); Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{9FA7CDE0-EB4B-11E0-9A8A-00214F4B9636}"); ************************* AdwCleaner[R0].txt - [37058 octets] - [16/09/2013 21:19:00] AdwCleaner[R1].txt - [37119 octets] - [16/09/2013 21:50:50] AdwCleaner[s0].txt - [37236 octets] - [16/09/2013 21:52:12] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [37297 octets] ##########
  4. Hi Marius, I deleted the windows installer for Abbyy. I've downloaded Adwcleaner. I then clicked "run". I then hit "delete" but nothing happened. Am I supposed to hit "scan" before hitting "delete"?
  5. Here is the log, Marius, as requested: ComboFix 13-09-14.01 - C D Larcombe 16/09/2013 20:05:58.4.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3070.1782 [GMT 10:00] Running from: c:\users\C D Larcombe\Desktop\ComboFix.exe Command switches used :: c:\users\C D Larcombe\Desktop\CFScript.txt AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\C D Larcombe\Downloads\Alcohol52_FE_2.0.2.3931.exe" "c:\users\C D Larcombe\Downloads\Kanji_Dictionary.exe" "c:\users\C D Larcombe\Downloads\RN_ErrorsFix_Setup.exe" "c:\users\C D Larcombe\Downloads\Spydig_Setup.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\temp\FR90PE c:\temp\FR90PE\1026.mst c:\temp\FR90PE\1029.mst c:\temp\FR90PE\1031.mst c:\temp\FR90PE\1033.mst c:\temp\FR90PE\1034.mst c:\temp\FR90PE\1036.mst c:\temp\FR90PE\1038.mst c:\temp\FR90PE\1040.mst c:\temp\FR90PE\1043.mst c:\temp\FR90PE\1045.mst c:\temp\FR90PE\1046.mst c:\temp\FR90PE\1049.mst c:\temp\FR90PE\1051.mst c:\temp\FR90PE\1053.mst c:\temp\FR90PE\1055.mst c:\temp\FR90PE\1058.mst c:\temp\FR90PE\1061.mst c:\temp\FR90PE\1062.mst c:\temp\FR90PE\1063.mst c:\temp\FR90PE\2052.mst c:\temp\FR90PE\ABBYY FineReader 9.0 Professional Edition.msi c:\temp\FR90PE\ABBYY FineReader 9.0\AbbyySTI.exe c:\temp\FR90PE\ABBYY FineReader 9.0\AbbyyZlib.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Abkhaz.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Adyghe.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Afrikns.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Agul.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Albanian.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Altaic.amd c:\temp\FR90PE\ABBYY FineReader 9.0\ArmEast.amd c:\temp\FR90PE\ABBYY FineReader 9.0\ArmEast.amm c:\temp\FR90PE\ABBYY FineReader 9.0\ArmGrab.amd c:\temp\FR90PE\ABBYY FineReader 9.0\ArmGrab.amm c:\temp\FR90PE\ABBYY FineReader 9.0\ArmWest.amd c:\temp\FR90PE\ABBYY FineReader 9.0\ArmWest.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Awar.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Awl.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Aymara.amd c:\temp\FR90PE\ABBYY FineReader 9.0\AzeriCyr.amd c:\temp\FR90PE\ABBYY FineReader 9.0\AzeriLat.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Barcode.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Bashkir.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Bashkir.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Basic.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Basque.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Bemba.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Blackft.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Bold.pat c:\temp\FR90PE\ABBYY FineReader 9.0\Bold.ptc c:\temp\FR90PE\ABBYY FineReader 9.0\Bold.str c:\temp\FR90PE\ABBYY FineReader 9.0\Brazil.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Brazil.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Breton.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Bugotu.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Bulgar.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Bulgar.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Buryat.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Byelorus.amd c:\temp\FR90PE\ABBYY FineReader 9.0\C.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Catalan.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Catalan.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Chamorro.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Chechen.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Chemistry.amd c:\temp\FR90PE\ABBYY FineReader 9.0\ChinesePRC.amd c:\temp\FR90PE\ABBYY FineReader 9.0\ChineseTaiwan.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Chukcha.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Chuvash.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Cobol.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Corsican.amd c:\temp\FR90PE\ABBYY FineReader 9.0\CrimTat.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Croatian.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Croatian.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Crow.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Czech.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Czech.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Da.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Danish.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Danish.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Dargwa.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Default.fch c:\temp\FR90PE\ABBYY FineReader 9.0\DefaultBold.fch c:\temp\FR90PE\ABBYY FineReader 9.0\DefaultBoldItalic.fch c:\temp\FR90PE\ABBYY FineReader 9.0\DefaultItalic.fch c:\temp\FR90PE\ABBYY FineReader 9.0\Demo\Demo.tif c:\temp\FR90PE\ABBYY FineReader 9.0\DL81ACE.dll c:\temp\FR90PE\ABBYY FineReader 9.0\DL81AdobeXMP.dll c:\temp\FR90PE\ABBYY FineReader 9.0\DL81AGM.dll c:\temp\FR90PE\ABBYY FineReader 9.0\DL81ARE.dll c:\temp\FR90PE\ABBYY FineReader 9.0\DL81AXE8SharedExpat.dll c:\temp\FR90PE\ABBYY FineReader 9.0\DL81BIB.dll c:\temp\FR90PE\ABBYY FineReader 9.0\DL81BIBUtils.dll c:\temp\FR90PE\ABBYY FineReader 9.0\DL81CoolType.dll c:\temp\FR90PE\ABBYY FineReader 9.0\DL81JP2KLib.dll c:\temp\FR90PE\ABBYY FineReader 9.0\DL81PDFL.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Dungan.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Dutch.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Dutch.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Engine.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine.dlp c:\temp\FR90PE\ABBYY FineReader 9.0\Engine0.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine1.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine13.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine14.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine15.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine16.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine17.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine18.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine19.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine2.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine20.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine23.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine24.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine3.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine4.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine5.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine6.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine64.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine7.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Engine9.dll c:\temp\FR90PE\ABBYY FineReader 9.0\EngineRes.dll c:\temp\FR90PE\ABBYY FineReader 9.0\English.amd c:\temp\FR90PE\ABBYY FineReader 9.0\English.amm c:\temp\FR90PE\ABBYY FineReader 9.0\EnglishLaw.amd c:\temp\FR90PE\ABBYY FineReader 9.0\EnglishLaw.amm c:\temp\FR90PE\ABBYY FineReader 9.0\EnglishMedical.amd c:\temp\FR90PE\ABBYY FineReader 9.0\EnglishMedical.amm c:\temp\FR90PE\ABBYY FineReader 9.0\EskimoC.amd c:\temp\FR90PE\ABBYY FineReader 9.0\EskimoL.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Esperan.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Eston.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Eston.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Even.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Evenki.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Export.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ExtendedDictionaries\Japanese.amd c:\temp\FR90PE\ABBYY FineReader 9.0\ExtendedDictionaries\Japanese.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Faeroese.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Fijian.amd c:\temp\FR90PE\ABBYY FineReader 9.0\FineExec.exe c:\temp\FR90PE\ABBYY FineReader 9.0\Finemodel.exe c:\temp\FR90PE\ABBYY FineReader 9.0\FineNet.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineObj.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader.exe c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader0.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader1.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader13.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader14.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader15.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader16.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader17.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader18.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader19.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader2.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader20.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader23.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader24.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader3.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader4.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader5.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader6.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader64.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader7.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineReader9.chm c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI0.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI1.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI13.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI14.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI15.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI16.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI17.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI18.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI19.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI2.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI20.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI23.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI24.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI3.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI4.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI5.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI6.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI64.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI7.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUI9.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FineUIRes.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Finnish.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Finnish.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Flemmish.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Flemmish.amm c:\temp\FR90PE\ABBYY FineReader 9.0\FontSupport.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Fortran.amd c:\temp\FR90PE\ABBYY FineReader 9.0\FR9.Word.Tmpl.dot c:\temp\FR90PE\ABBYY FineReader 9.0\French.amd c:\temp\FR90PE\ABBYY FineReader 9.0\French.amm c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration0.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration1.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration13.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration14.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration15.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration16.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration17.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration18.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration19.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration2.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration20.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration23.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration24.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration3.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration4.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration5.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration6.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration64.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration7.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegration9.dll c:\temp\FR90PE\ABBYY FineReader 9.0\FRIntegrationRes.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Frisian.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Friulian.amd c:\temp\FR90PE\ABBYY FineReader 9.0\GaelicSc.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Gagauz.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Galician.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Ganda.amd c:\temp\FR90PE\ABBYY FineReader 9.0\German.amd c:\temp\FR90PE\ABBYY FineReader 9.0\German.amm c:\temp\FR90PE\ABBYY FineReader 9.0\GermanLaw.amd c:\temp\FR90PE\ABBYY FineReader 9.0\GermanLaw.amm c:\temp\FR90PE\ABBYY FineReader 9.0\GermanLx.amd c:\temp\FR90PE\ABBYY FineReader 9.0\GermanMedical.amd c:\temp\FR90PE\ABBYY FineReader 9.0\GermanMedical.amm c:\temp\FR90PE\ABBYY FineReader 9.0\GermanNS.amd c:\temp\FR90PE\ABBYY FineReader 9.0\GermanNS.amm c:\temp\FR90PE\ABBYY FineReader 9.0\GermanNSLaw.amd c:\temp\FR90PE\ABBYY FineReader 9.0\GermanNSLaw.amm c:\temp\FR90PE\ABBYY FineReader 9.0\GermanNSMedical.amd c:\temp\FR90PE\ABBYY FineReader 9.0\GermanNSMedical.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Greek.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Greek.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Guarani.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Bulgarian.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Chinese.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Czech.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Dutch.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_English.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Estonian.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_French.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_German.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Hungarian.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Italian.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Latvian.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Lithuanian.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Polish.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Portuguese.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Russian.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Slovak.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Spanish.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Swedish.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Turkish.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Guide\Guide_Ukrainian.pdf c:\temp\FR90PE\ABBYY FineReader 9.0\Hani.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Hausa.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Hawaiian.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Hebrew.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Hebrew.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Hungar.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Hungar.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Iceland.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Ido.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Codec.AbbyyLossless.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Codec.Ccitt.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Codec.Jbig2.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Codec.Jpeg.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Codec.Lzw.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Codec.Packbits.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Codec.Zip.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Format.Bmp.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Format.DjVu.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Format.Gif.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Format.Jbig2.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Format.Jpeg.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Format.Jpeg2k.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Format.Pcx.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Format.Pdf.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Format.Png.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Format.Tiff.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Format.Xps.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Helper.DjVu.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Helper.Pdf.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Helper.Xps.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Image.Services.Core.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Indones.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Indones.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Ingush.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Interlin.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Irish.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Italian.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Italian.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Italic.pat c:\temp\FR90PE\ABBYY FineReader 9.0\Italic.ptc c:\temp\FR90PE\ABBYY FineReader 9.0\Italic.pts c:\temp\FR90PE\ABBYY FineReader 9.0\Italic.str c:\temp\FR90PE\ABBYY FineReader 9.0\Japanese.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Java.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Kabard.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Kalmyk.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Karachay.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Karakalp.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Kasub.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Kawa.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Kazakh.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Khakas.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Khanty.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Kikuyu.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Kirgiz.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Kongo.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Koryak.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Kpelle.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Kumyk.amd c:\temp\FR90PE\ABBYY FineReader 9.0\KurdishL.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Lak.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Langinfo.dll c:\temp\FR90PE\ABBYY FineReader 9.0\LangInfoUnicode.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Lappish.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Latin.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Latvian.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Latvian.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Lezgin.amd c:\temp\FR90PE\ABBYY FineReader 9.0\License_JasPer.txt c:\temp\FR90PE\ABBYY FineReader 9.0\LicensingSchema.dll c:\temp\FR90PE\ABBYY FineReader 9.0\litgen.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Lithuan.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Lithuan.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Luba.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Macedon.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Malagasy.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Malay.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Malinke.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Maltese.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Mansi.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Maori.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Mari.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Maya.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Miao.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest c:\temp\FR90PE\ABBYY FineReader 9.0\Microsoft.VC80.CRT\msvcm80.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Microsoft.VC80.CRT\msvcp80.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Microsoft.VC80.CRT\msvcr80.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Minankab.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Mohawk.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Moldav.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Mongol.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Mordvin.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Morphology.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes0.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes1.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes13.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes14.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes15.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes16.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes17.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes18.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes19.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes2.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes20.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes23.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes24.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes3.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes4.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes5.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes6.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes64.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes7.dll c:\temp\FR90PE\ABBYY FineReader 9.0\MorphoRes9.dll c:\temp\FR90PE\ABBYY FineReader 9.0\msvcr71.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Nahuatl.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Nenets.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Nivkh.amd c:\temp\FR90PE\ABBYY FineReader 9.0\NLCMorphology.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Nogay.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Normal.ccjk c:\temp\FR90PE\ABBYY FineReader 9.0\Normal.cjk c:\temp\FR90PE\ABBYY FineReader 9.0\Normal.ecjk c:\temp\FR90PE\ABBYY FineReader 9.0\Normal.fcjk c:\temp\FR90PE\ABBYY FineReader 9.0\Normal.pat c:\temp\FR90PE\ABBYY FineReader 9.0\Normal.pdi c:\temp\FR90PE\ABBYY FineReader 9.0\Normal.ptc c:\temp\FR90PE\ABBYY FineReader 9.0\Normal.pts c:\temp\FR90PE\ABBYY FineReader 9.0\Normal.slp c:\temp\FR90PE\ABBYY FineReader 9.0\Normal.spt c:\temp\FR90PE\ABBYY FineReader 9.0\Normal.ssc c:\temp\FR90PE\ABBYY FineReader 9.0\Normal.str c:\temp\FR90PE\ABBYY FineReader 9.0\NorwBok.amd c:\temp\FR90PE\ABBYY FineReader 9.0\NorwBok.amm c:\temp\FR90PE\ABBYY FineReader 9.0\NorwNyn.amd c:\temp\FR90PE\ABBYY FineReader 9.0\NorwNyn.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Numbers.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Nyanja.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Occident.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Ojibway.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Ossetic.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Papiamen.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Part.pat c:\temp\FR90PE\ABBYY FineReader 9.0\Part.ptc c:\temp\FR90PE\ABBYY FineReader 9.0\Part.pts c:\temp\FR90PE\ABBYY FineReader 9.0\Part.slp c:\temp\FR90PE\ABBYY FineReader 9.0\Part.ssc c:\temp\FR90PE\ABBYY FineReader 9.0\Pascal.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Pidgin.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Polish.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Polish.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Portug.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Portug.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Printer.pat c:\temp\FR90PE\ABBYY FineReader 9.0\Printer.ptc c:\temp\FR90PE\ABBYY FineReader 9.0\Printer.pts c:\temp\FR90PE\ABBYY FineReader 9.0\Printer.spt c:\temp\FR90PE\ABBYY FineReader 9.0\Printer.str c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing0.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing1.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing13.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing14.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing15.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing16.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing17.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing18.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing19.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing2.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing20.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing23.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing24.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing3.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing4.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing5.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing6.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing64.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing7.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensing9.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensingSchema.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ProductLicensingShared.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Provenc.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Quechua.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Recognizer.dll c:\temp\FR90PE\ABBYY FineReader 9.0\RecPage.dll c:\temp\FR90PE\ABBYY FineReader 9.0\RegExp.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Registrator.exe c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\78-EUC-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\78-EUC-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\78-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\78-RKSJ-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\78-RKSJ-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\78-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\78ms-RKSJ-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\78ms-RKSJ-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\83pv-RKSJ-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\90ms-RKSJ-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\90ms-RKSJ-UCS2 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\90ms-RKSJ-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\90msp-RKSJ-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\90msp-RKSJ-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\90pv-RKSJ-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\90pv-RKSJ-UCS2 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\90pv-RKSJ-UCS2C c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\90pv-RKSJ-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Add-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Add-RKSJ-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Add-RKSJ-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Add-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-CNS1-0 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-CNS1-1 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-CNS1-2 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-CNS1-3 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-CNS1-4 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-CNS1-5 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-CNS1-B5pc c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-CNS1-ETen-B5 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-CNS1-H-CID c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-CNS1-H-Host c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-CNS1-H-Mac c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-CNS1-UCS2 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-GB1-0 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-GB1-1 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-GB1-2 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-GB1-3 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-GB1-4 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-GB1-5 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-GB1-GBK-EUC c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-GB1-GBpc-EUC c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-GB1-H-CID c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-GB1-H-Host c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-GB1-H-Mac c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-GB1-UCS2 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Japan1-0 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Japan1-1 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Japan1-2 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Japan1-3 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Japan1-4 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Japan1-5 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Japan1-6 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Japan1-90ms-RKSJ c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Japan1-90pv-RKSJ c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Japan1-H-CID c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Japan1-H-Host c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Japan1-H-Mac c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Japan1-PS-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Japan1-PS-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Japan1-UCS2 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Japan2-0 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Korea1-0 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Korea1-1 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Korea1-2 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Korea1-H-CID c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Korea1-H-Host c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Korea1-H-Mac c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Korea1-KSCms-UHC c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Korea1-KSCpc-EUC c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Adobe-Korea1-UCS2 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\B5-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\B5-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\B5pc-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\B5pc-UCS2 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\B5pc-UCS2C c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\B5pc-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\CNS-EUC-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\CNS-EUC-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\CNS1-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\CNS1-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\CNS2-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\CNS2-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\ETen-B5-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\ETen-B5-UCS2 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\ETen-B5-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\ETenms-B5-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\ETenms-B5-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\ETHK-B5-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\ETHK-B5-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\EUC-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\EUC-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Ext-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Ext-RKSJ-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Ext-RKSJ-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Ext-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GB-EUC-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GB-EUC-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GB-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GB-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBK-EUC-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBK-EUC-UCS2 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBK-EUC-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBK2K-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBK2K-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBKp-EUC-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBKp-EUC-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBpc-EUC-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBpc-EUC-UCS2 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBpc-EUC-UCS2C c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBpc-EUC-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBT-EUC-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBT-EUC-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBT-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBT-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBTpc-EUC-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\GBTpc-EUC-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Hankaku c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Hiragana c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\HKdla-B5-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\HKdla-B5-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\HKdlb-B5-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\HKdlb-B5-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\HKgccs-B5-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\HKgccs-B5-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\HKm314-B5-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\HKm314-B5-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\HKm471-B5-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\HKm471-B5-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\HKscs-B5-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\HKscs-B5-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Hojo-EUC-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Hojo-EUC-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Hojo-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Hojo-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Identity-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Identity-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Katakana c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\KSC-EUC-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\KSC-EUC-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\KSC-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\KSC-Johab-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\KSC-Johab-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\KSC-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\KSCms-UHC-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\KSCms-UHC-HW-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\KSCms-UHC-HW-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\KSCms-UHC-UCS2 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\KSCms-UHC-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\KSCpc-EUC-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\KSCpc-EUC-UCS2 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\KSCpc-EUC-UCS2C c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\KSCpc-EUC-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\NWP-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\NWP-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\RKSJ-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\RKSJ-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\Roman c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UCS2-90ms-RKSJ c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UCS2-90pv-RKSJ c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UCS2-B5pc c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UCS2-ETen-B5 c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UCS2-GBK-EUC c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UCS2-GBpc-EUC c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UCS2-KSCms-UHC c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UCS2-KSCpc-EUC c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniCNS-UCS2-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniCNS-UCS2-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniCNS-UTF16-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniCNS-UTF16-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniCNS-UTF32-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniCNS-UTF32-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniCNS-UTF8-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniCNS-UTF8-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniGB-UCS2-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniGB-UCS2-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniGB-UTF16-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniGB-UTF16-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniGB-UTF32-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniGB-UTF32-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniGB-UTF8-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniGB-UTF8-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniHojo-UCS2-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniHojo-UCS2-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniHojo-UTF16-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniHojo-UTF16-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniHojo-UTF32-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniHojo-UTF32-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniHojo-UTF8-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniHojo-UTF8-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJIS-UCS2-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJIS-UCS2-HW-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJIS-UCS2-HW-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJIS-UCS2-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJIS-UTF16-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJIS-UTF16-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJIS-UTF32-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJIS-UTF32-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJIS-UTF8-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJIS-UTF8-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJIS2004-UTF16-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJIS2004-UTF16-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJIS2004-UTF32-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJIS2004-UTF32-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJIS2004-UTF8-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJIS2004-UTF8-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJISB-UCS2-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJISPro-UCS2-HW-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJISPro-UCS2-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJISPro-UTF8-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJISX0213-UTF32-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJISX0213-UTF32-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJISX02132004-UTF32-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniJISX02132004-UTF32-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniKS-UCS2-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniKS-UCS2-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniKS-UTF16-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniKS-UTF16-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniKS-UTF32-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniKS-UTF32-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniKS-UTF8-H c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\UniKS-UTF8-V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\V c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Cmap\WP-Symbol c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\AdobeHeitiStd-Regular.otf c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\AdobeMingStd-Light.otf c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\AdobeMyungjoStd-Medium.otf c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\AdobePiStd.otf c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\AdobeSongStd-Light.otf c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\CourierStd-Bold.otf c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\CourierStd-BoldOblique.otf c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\CourierStd-Oblique.otf c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\CourierStd.otf c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\KozGoProVI-Medium.otf c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\KozMinProVI-Regular.otf c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\sy______.pfb c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\sy______.pfm c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\zx______.mmm c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\zx______.pfb c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\zx______.pfm c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\zy______.mmm c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\zy______.pfb c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Font\zy______.pfm c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Icu\ctl_gb18030.cnv c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Icu\icudt26l.dat c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Adobe\HKSCS.txt c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Adobe\Japanese83pv.txt c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Adobe\JISX0208.txt c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Adobe\JISX0213.txt c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Adobe\readme.txt c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Adobe\stdenc.txt c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Adobe\symbol.txt c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Adobe\zdingbat.txt c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\ARABIC.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\CENTEURO.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\CHINSIMP.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\CHINTRAD.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\CORPCHAR.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\CROATIAN.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\CYRILLIC.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\DEVANAGA.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\DINGBATS.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\FARSI.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\GREEK.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\GUJARATI.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\GURMUKHI.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\HEBREW.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\ICELAND.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\JAPANESE.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\KOREAN.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\README.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\ROMAN.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\ROMANIAN.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\SYMBOL.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\THAI.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\TURKISH.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Mac\UKRAINE.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Win\CP1250.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Win\CP1251.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Win\CP1252.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Win\CP1253.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Win\CP1254.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Win\CP1255.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Win\CP1256.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Win\CP1257.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Win\CP1258.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Win\CP874.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Win\CP932.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Win\CP936.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Win\CP949.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Resource\Unicode\Mappings\Win\CP950.TXT c:\temp\FR90PE\ABBYY FineReader 9.0\Rhaetian.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Roman.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Roman.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Romany.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Ruanda.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Rundi.amd c:\temp\FR90PE\ABBYY FineReader 9.0\RusOS.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Russian.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Russian.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Samoan.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Scan0.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan1.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan13.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan14.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan15.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan16.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan17.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan18.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan19.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan2.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan20.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan23.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan24.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan3.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan4.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan5.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan6.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan64.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan7.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Scan9.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScanManager.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScanTwain.exe c:\temp\FR90PE\ABBYY FineReader 9.0\ScanWia.exe c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader.exe c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader0.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader0.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader1.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader1.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader13.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader13.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader14.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader14.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader15.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader15.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader16.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader16.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader17.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader17.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader18.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader18.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader19.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader19.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader2.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader2.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader20.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader20.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader23.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader23.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader24.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader24.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader3.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader3.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader4.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader4.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader5.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader5.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader6.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader6.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader64.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader64.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader7.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader7.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader9.chm c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReader9.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ScreenshotReaderRes.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Selkup.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Serbian.amd c:\temp\FR90PE\ABBYY FineReader 9.0\SerbianL.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Shell0.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell1.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell13.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell14.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell15.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell16.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell17.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell18.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell19.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell2.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell20.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell23.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell24.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell3.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell4.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell5.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell6.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell64.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell7.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shell9.dll c:\temp\FR90PE\ABBYY FineReader 9.0\ShellRes.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Shona.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Sioux.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Slovak.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Slovak.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Sloven.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Sloven.amm c:\temp\FR90PE\ABBYY FineReader 9.0\SndToWP10.wcm c:\temp\FR90PE\ABBYY FineReader 9.0\SndToWP11.wcm c:\temp\FR90PE\ABBYY FineReader 9.0\SndToWP12.wcm c:\temp\FR90PE\ABBYY FineReader 9.0\SndToWP13.wcm c:\temp\FR90PE\ABBYY FineReader 9.0\SndToWP14.wcm c:\temp\FR90PE\ABBYY FineReader 9.0\SndToWp7.wcm c:\temp\FR90PE\ABBYY FineReader 9.0\SndToWp8.wcm c:\temp\FR90PE\ABBYY FineReader 9.0\SndToWP9.wcm c:\temp\FR90PE\ABBYY FineReader 9.0\Somali.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Sorbian.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Sotho.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Spanish.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Spanish.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Splrt.dll c:\temp\FR90PE\ABBYY FineReader 9.0\StdFonts.mtr c:\temp\FR90PE\ABBYY FineReader 9.0\StdFonts.psa c:\temp\FR90PE\ABBYY FineReader 9.0\Sunda.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo.exe c:\temp\FR90PE\ABBYY FineReader 9.0\Support\ainfo.ini c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo0.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo1.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo13.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo14.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo15.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo16.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo17.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo18.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo19.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo2.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo20.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo23.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo24.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo3.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo4.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo5.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo6.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo64.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo7.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Support\AInfo9.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Swahili.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Swazi.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Swedish.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Swedish.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Synthesis.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Tabassar.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Tagalog.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Tahitian.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Tajik.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Tatar.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Tatar.amm c:\temp\FR90PE\ABBYY FineReader 9.0\TextLayout.dll c:\temp\FR90PE\ABBYY FineReader 9.0\Thai.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Thai.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Tinpo.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Tongan.amd c:\temp\FR90PE\ABBYY FineReader 9.0\TrigrammsInstaller.exe c:\temp\FR90PE\ABBYY FineReader 9.0\Tswana.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Tun.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Turkish.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Turkish.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Turkmen.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Tuvin.amd c:\temp\FR90PE\ABBYY FineReader 9.0\twain.dat c:\temp\FR90PE\ABBYY FineReader 9.0\Typewrit.pat c:\temp\FR90PE\ABBYY FineReader 9.0\Typewrit.ptc c:\temp\FR90PE\ABBYY FineReader 9.0\Typewrit.pts c:\temp\FR90PE\ABBYY FineReader 9.0\Typewrit.str c:\temp\FR90PE\ABBYY FineReader 9.0\Udmurt.amd c:\temp\FR90PE\ABBYY FineReader 9.0\UighurC.amd c:\temp\FR90PE\ABBYY FineReader 9.0\UighurL.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Ukrain.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Ukrain.amm c:\temp\FR90PE\ABBYY FineReader 9.0\Underlin.pat c:\temp\FR90PE\ABBYY FineReader 9.0\Underlin.ptc c:\temp\FR90PE\ABBYY FineReader 9.0\Underlin.str c:\temp\FR90PE\ABBYY FineReader 9.0\Univers.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Univers.amm c:\temp\FR90PE\ABBYY FineReader 9.0\UzbekCyr.amd c:\temp\FR90PE\ABBYY FineReader 9.0\UzbekLat.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Visayan.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Welsh.amd c:\temp\FR90PE\ABBYY FineReader 9.0\wia.dat c:\temp\FR90PE\ABBYY FineReader 9.0\Wolof.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Xhosa.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Yakut.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Zapotec.amd c:\temp\FR90PE\ABBYY FineReader 9.0\Zulu.amd c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\AbbyyZlib.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\FineNet.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\FineObj.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\FObjEventSrc.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\LicensingSchema.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\msvcr71.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing0.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing1.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing13.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing14.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing15.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing16.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing17.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing18.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing19.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing2.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing20.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing23.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing24.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing3.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing4.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing5.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing6.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing64.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing7.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensing9.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensingSchema.dll c:\temp\FR90PE\Common\ABBYY\FineReader\9.00\Licensing\PE\ProductLicensingShared.dll c:\temp\FR90PE\CommonAppData\ABBYY\FineReader\9.00\Licenses\FineReader9Trial.ABBYY.License c:\temp\FR90PE\instmsiw.exe c:\temp\FR90PE\ReadMe\Readme_Bulgarian.htm c:\temp\FR90PE\ReadMe\Readme_Chinese.htm c:\temp\FR90PE\ReadMe\Readme_Czech.htm c:\temp\FR90PE\ReadMe\Readme_Dutch.htm c:\temp\FR90PE\ReadMe\Readme_English.htm c:\temp\FR90PE\ReadMe\Readme_Estonian.htm c:\temp\FR90PE\ReadMe\Readme_French.htm c:\temp\FR90PE\ReadMe\Readme_German.htm c:\temp\FR90PE\ReadMe\Readme_Hungarian.htm c:\temp\FR90PE\ReadMe\Readme_Italian.htm c:\temp\FR90PE\ReadMe\Readme_Latvian.htm c:\temp\FR90PE\ReadMe\Readme_Lithuanian.htm c:\temp\FR90PE\ReadMe\Readme_Polish.htm c:\temp\FR90PE\ReadMe\Readme_Portuguese.htm c:\temp\FR90PE\ReadMe\Readme_Russian.htm c:\temp\FR90PE\ReadMe\Readme_Slovak.htm c:\temp\FR90PE\ReadMe\Readme_Spanish.htm c:\temp\FR90PE\ReadMe\Readme_Swedish.htm c:\temp\FR90PE\ReadMe\Readme_Turkish.htm c:\temp\FR90PE\ReadMe\Readme_Ukrainian.htm c:\temp\FR90PE\Setup.exe c:\temp\FR90PE\setup.ini c:\temp\FR90PE\unicows.dll c:\users\C D Larcombe\Downloads\Alcohol52_FE_2.0.2.3931.exe c:\users\C D Larcombe\Downloads\Kanji_Dictionary.exe c:\users\C D Larcombe\Downloads\RN_ErrorsFix_Setup.exe c:\users\C D Larcombe\Downloads\Spydig_Setup.exe . . ((((((((((((((((((((((((( Files Created from 2013-08-16 to 2013-09-16 ))))))))))))))))))))))))))))))) . . 2013-09-16 10:26 . 2013-09-16 10:27 -------- d-----w- c:\users\C D Larcombe\AppData\Local\temp 2013-09-16 10:26 . 2013-09-16 10:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-16 08:03 . 2013-09-16 08:03 -------- d-----w- c:\programdata\Oracle 2013-09-16 08:02 . 2013-09-16 08:01 868264 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-09-16 08:02 . 2013-09-16 08:02 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-09-16 07:58 . 2013-09-16 07:58 -------- d-----w- c:\users\C D Larcombe\AppData\Roaming\Oracle 2013-09-14 14:19 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BDD40A8-115E-45A4-9144-D67D5271A08D}\mpengine.dll 2013-09-13 06:50 . 2013-09-13 06:50 -------- d-----w- c:\program files\ESET 2013-09-13 04:37 . 2011-06-02 04:39 39736 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys 2013-09-13 04:37 . 2011-06-02 04:39 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys 2013-09-13 04:36 . 2013-09-13 04:36 -------- d-----w- c:\program files\Common Files\InfoWatch 2013-09-13 04:31 . 2013-09-13 05:29 74848 ----a-w- c:\windows\system32\drivers\klflt.sys 2013-09-09 04:21 . 2013-09-09 04:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-09-09 04:21 . 2013-04-04 04:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-09-09 00:17 . 2013-09-16 09:48 -------- d-----w- c:\programdata\Kaspersky Lab 2013-09-09 00:17 . 2013-09-13 04:36 -------- d-----w- c:\program files\Kaspersky Lab 2013-09-08 23:35 . 2013-09-08 23:50 -------- d-----w- C:\TDSSKiller_Quarantine 2013-08-28 10:25 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-16 08:01 . 2010-05-09 11:22 790440 ----a-w- c:\windows\system32\deployJava1.dll 2013-09-13 05:29 . 2012-10-18 04:50 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys 2013-09-13 05:29 . 2012-08-13 06:49 145040 ----a-w- c:\windows\system32\drivers\kneps.sys 2013-08-30 07:47 . 2009-06-12 14:47 229648 ----a-w- c:\windows\system32\aswBoot.exe 2013-07-17 19:41 . 2013-08-14 10:51 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-10 09:47 . 2013-08-14 10:51 783360 ----a-w- c:\windows\system32\rpcrt4.dll 2013-07-09 12:10 . 2013-08-14 10:51 1205168 ----a-w- c:\windows\system32\ntdll.dll 2013-07-08 04:55 . 2013-08-14 10:51 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-07-08 04:55 . 2013-08-14 10:51 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-07-08 04:20 . 2013-08-14 10:51 172544 ----a-w- c:\windows\system32\wintrust.dll 2013-07-08 04:16 . 2013-08-14 10:51 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2013-07-08 04:16 . 2013-08-14 10:51 98304 ----a-w- c:\windows\system32\cryptnet.dll 2013-07-08 04:16 . 2013-08-14 10:51 992768 ----a-w- c:\windows\system32\crypt32.dll 2013-07-05 04:53 . 2013-08-14 10:52 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys 2007-12-07 11:13 . 2007-12-07 11:13 4192768 ----a-r- c:\program files\ABBYY FineReader 9.0 Professional Edition.msi 2003-04-21 04:09 . 2003-04-21 04:09 245408 ----a-r- c:\program files\unicows.dll 2002-03-11 01:06 . 2002-03-11 01:06 1822520 ----a-r- c:\program files\instmsiw.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2012-12-20 08:20 459784 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-05 270336] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Spotify Web Helper"="c:\users\C D Larcombe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-22 1104384] "KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-12-07 202328] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 6281760] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-30 13556256] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-30 92704] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-20 344064] "AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2012-12-20 356968] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Audio Filter.lnk - c:\program files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2009-1-3 4243232] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2008-11-06 02:32 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2013-05-08 21:20 41056 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . 2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 13:05] . 2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 13:05] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\users\C D Larcombe\AppData\Roaming\Mozilla\Firefox\Profiles\5waw5psb.default\ FF - ExtSQL: 2013-08-02 22:27; kitsune@kitsune.sourceforge.net; c:\users\C D Larcombe\AppData\Roaming\Mozilla\Firefox\Profiles\5waw5psb.default\extensions\kitsune@kitsune.sourceforge.net FF - ExtSQL: 2013-09-11 01:22; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\C D Larcombe\AppData\Roaming\Mozilla\Firefox\Profiles\5waw5psb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - ExtSQL: 2013-09-13 14:36; anti_banner@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF - ExtSQL: 2013-09-13 14:36; content_blocker@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF - ExtSQL: 2013-09-13 14:37; online_banking@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF - ExtSQL: 2013-09-13 14:37; url_advisor@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF - ExtSQL: 2013-09-13 14:37; virtual_keyboard@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-09-16 20:26 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2013-09-16 20:36:34 ComboFix-quarantined-files.txt 2013-09-16 10:36 ComboFix2.txt 2013-09-11 13:41 ComboFix3.txt 2013-09-11 02:05 . Pre-Run: 298,168,504,320 bytes free Post-Run: 298,167,042,048 bytes free . - - End Of File - - C2807C5C211CD12DFFDA788BE0EC34F8 5C616939100B85E558DA92B899A0FC36
  6. Thanks for your advice. I have uninstalled the Abbyy Fine Reader.
  7. Link as instructed: does not look good! https://www.virustotal.com/en-gb/file/7a53f2252f53ae870c78e5714a8aae7e187d60642db6c80d39ab28d3179bb003/analysis/1379168340/
  8. Hi Marius, incidentally, I'm a little concerned that my Abbyy finereader showed up. I've had that for a few years now and it was expensive. I purchased it from the cnet downloads.
  9. Thanks, Marius. Results of ESET scan below. Should I uninstall ESET? - - - - C:\Program Files\ABBYY FineReader 9.0\FineReader.exe a variant of Win32/HackTool.Patcher.N application C:\temp\FR90PE\ABBYY FineReader 9.0\FineReader.exe a variant of Win32/HackTool.Patcher.N application C:\Users\C D Larcombe\Downloads\Alcohol52_FE_2.0.2.3931.exe a variant of Win32/InstallCore.AF application C:\Users\C D Larcombe\Downloads\Kanji_Dictionary.exe a variant of Win32/Toolbar.Babylon.H application C:\Users\C D Larcombe\Downloads\RN_ErrorsFix_Setup.exe a variant of Win32/RegistryNuke application C:\Users\C D Larcombe\Downloads\Spydig_Setup.exe multiple threats - - - - -
  10. Sorry Marius - there is no log recording the scan which detected all the infected files which were then marked for removal. In the process of removal the programme froze. The only logs that are saved at the locations you cite record (1) updating of the programme and (2) my subsequent scan. 1. Before running first scan which detected the infected files and marked them for removal: - - - - 2013/09/12 21:01:47 +1000 CDLARCOMBE-PC C D Larcombe MESSAGE Starting database refresh 2013/09/12 21:02:07 +1000 CDLARCOMBE-PC C D Larcombe MESSAGE Database refreshed successfully - - - - 2. Log from subsequent scan, performed after the programme froze in the process of removing the detected threats discovered as a result of first scan (2 hours or so): Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.12.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19458 C D Larcombe :: CDLARCOMBE-PC [administrator] 12/09/2013 11:31:08 PM mbam-log-2013-09-12 (23-31-08).txt Scan type: Full scan (C:\|D:\|E:\|F:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 139006 Time elapsed: 54 minute(s), 9 second(s) [aborted] Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) - - - - I CANNOT IDENTIFY ANY LOG OF THE FIRST AND CRUCIAL SCAN WHICH DETECTED THE THREATS. : ( I will await your instructions. Sorry!
  11. Hi Marius, I fear I may have caused some problems for the sequence of logs you need. I ran the Malwarebytes scan, which ran for just over 2 hours. It highlighted about 15 infected files. I then proceeded to select each file and remove them. At that point, the programme froze and remained frozen for about 30-40 minutes. I then used task manager to close the programme, with the intent I would run the scan again. The problem is that, whie I can run the scan again, the infected filed detected in the first scan have been placed in quarantine; therefore, the subsequent scan does not detect them. I fear this has consequences for the log which any subsequent scan will generate. I have searched for any log generated by the first scan, but cannot find it. Apologies for this complication. May I ask what you advise me to do from here?
  12. Thank you: log below as instructed. ComboFix 13-09-10.03 - C D Larcombe 11/09/2013 23:12:09.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3070.1607 [GMT 10:00] Running from: c:\users\C D Larcombe\Desktop\ComboFix.exe Command switches used :: c:\users\C D Larcombe\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ntuser.dat . Infected copy of c:\windows\system32\Services.exe was found and disinfected Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe . . ((((((((((((((((((((((((( Files Created from 2013-08-11 to 2013-09-11 ))))))))))))))))))))))))))))))) . . 2013-09-11 13:27 . 2013-09-11 13:33 -------- d-----w- c:\users\C D Larcombe\AppData\Local\temp 2013-09-11 13:27 . 2013-09-11 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-09 04:21 . 2013-09-09 04:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-09-09 04:21 . 2013-04-04 04:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-09-09 00:17 . 2013-09-11 11:27 -------- d-----w- c:\programdata\Kaspersky Lab 2013-09-09 00:17 . 2013-09-11 11:27 -------- d-----w- c:\program files\Kaspersky Lab 2013-09-08 23:35 . 2013-09-08 23:50 -------- d-----w- C:\TDSSKiller_Quarantine 2013-08-28 10:25 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-08-14 15:58 . 2013-08-14 16:00 -------- d-----w- c:\windows\system32\MRT 2013-08-14 10:52 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2013-08-14 10:52 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll 2013-08-14 10:52 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-10 23:39 . 2013-09-10 23:39 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B477EE33-CC6A-4EF6-BE28-CF4E0C88FD41}\offreg.dll 2013-08-30 07:48 . 2013-05-22 11:49 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-08-30 07:48 . 2009-06-12 14:48 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-08-30 07:48 . 2009-06-12 14:48 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-08-30 07:48 . 2013-05-22 11:49 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-08-30 07:48 . 2011-06-05 08:39 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-08-30 07:48 . 2009-06-12 14:48 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2013-08-30 07:48 . 2009-06-12 14:48 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-08-30 07:48 . 2009-06-12 14:47 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-08-30 07:47 . 2010-10-02 05:07 41664 ----a-w- c:\windows\avastSS.scr 2013-08-30 07:47 . 2009-06-12 14:47 229648 ----a-w- c:\windows\system32\aswBoot.exe 2013-08-06 07:28 . 2013-09-10 23:13 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B477EE33-CC6A-4EF6-BE28-CF4E0C88FD41}\mpengine.dll 2007-12-07 11:13 . 2007-12-07 11:13 4192768 ----a-r- c:\program files\ABBYY FineReader 9.0 Professional Edition.msi 2003-04-21 04:09 . 2003-04-21 04:09 245408 ----a-r- c:\program files\unicows.dll 2002-03-11 01:06 . 2002-03-11 01:06 1822520 ----a-r- c:\program files\instmsiw.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-08-30 07:47 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-05 270336] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Spotify Web Helper"="c:\users\C D Larcombe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-22 1104384] "KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-12-07 202328] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 6281760] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-30 13556256] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-30 92704] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-20 344064] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Audio Filter.lnk - c:\program files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2009-1-3 4243232] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2008-11-06 02:32 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2013-05-08 21:20 41056 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-10-27 759072] S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . 2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 13:05] . 2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 13:05] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\users\C D Larcombe\AppData\Roaming\Mozilla\Firefox\Profiles\5waw5psb.default\ FF - ExtSQL: 2013-08-02 22:27; kitsune@kitsune.sourceforge.net; c:\users\C D Larcombe\AppData\Roaming\Mozilla\Firefox\Profiles\5waw5psb.default\extensions\kitsune@kitsune.sourceforge.net FF - ExtSQL: 2013-09-11 01:22; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\C D Larcombe\AppData\Roaming\Mozilla\Firefox\Profiles\5waw5psb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} . . ************************************************************************** scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvservice.exe c:\windows\system32\nvvsvc.exe c:\windows\RtkAudioService.exe c:\windows\system32\rundll32.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\System32\lpksetup.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Sony\Network Utility\NSUService.exe c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe c:\program files\Sony\VAIO Event Service\VESMgr.exe c:\windows\system32\DllHost.exe c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe c:\program files\Sony\VAIO Event Service\VESMgrSub.exe c:\windows\system32\DllHost.exe c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\System32\WUDFHost.exe c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe c:\windows\servicing\TrustedInstaller.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe c:\windows\system32\conime.exe c:\program files\Sony\VAIO Update\VAIOUpdt.exe c:\windows\System32\rundll32.exe c:\windows\ehome\ehmsas.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Sony\VAIO Power Management\SPMService.exe c:\program files\Sony\VAIO Update\VUAgent.exe . ************************************************************************** . Completion time: 2013-09-11 23:41:16 - machine was rebooted ComboFix-quarantined-files.txt 2013-09-11 13:40 ComboFix2.txt 2013-09-11 02:05 . Pre-Run: 303,333,326,848 bytes free Post-Run: 303,126,499,328 bytes free . - - End Of File - - C8EE882890235830950E0C32B054B0FA 5C616939100B85E558DA92B899A0FC36
  13. Marius, thanks for your advice. I only downloaded Kaspersky after I was notified of the infection, with the intent that I would run a scan to see if Kaspersky could identify what Avast (my original anti-virus) could not. I have disabled avast since then. I also disabled Kaspersky when running Combofix. I have now removed Kaspersky.
  14. Please find leg below: ComboFix 13-09-10.01 - C D Larcombe 11/09/2013 2:41.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3070.1792 [GMT 10:00] Running from: c:\users\C D Larcombe\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: avast! Antivirus *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Setup.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_RKHIT -------\Service_RkHit . . ((((((((((((((((((((((((( Files Created from 2013-08-11 to 2013-09-11 ))))))))))))))))))))))))))))))) . . 2013-09-10 23:39 . 2013-09-10 23:39 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B477EE33-CC6A-4EF6-BE28-CF4E0C88FD41}\offreg.dll 2013-09-10 23:13 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B477EE33-CC6A-4EF6-BE28-CF4E0C88FD41}\mpengine.dll 2013-09-10 23:05 . 2013-09-10 23:13 -------- d-----w- C:\19896072c2fd9024f1f2 2013-09-10 17:22 . 2013-09-11 02:00 -------- d-----w- c:\users\C D Larcombe\AppData\Local\temp 2013-09-10 17:22 . 2013-09-10 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-09 04:21 . 2013-09-09 04:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-09-09 04:21 . 2013-04-04 04:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-09-09 03:05 . 2011-06-02 04:39 39736 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys 2013-09-09 03:04 . 2011-06-02 04:39 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys 2013-09-09 03:03 . 2013-09-09 03:03 -------- d-----w- c:\program files\Common Files\InfoWatch 2013-09-09 02:55 . 2013-09-09 03:31 74848 ----a-w- c:\windows\system32\drivers\klflt.sys 2013-09-09 00:17 . 2013-09-11 02:00 -------- d-----w- c:\programdata\Kaspersky Lab 2013-09-09 00:17 . 2013-09-09 03:03 -------- d-----w- c:\program files\Kaspersky Lab 2013-09-08 23:35 . 2013-09-08 23:50 -------- d-----w- C:\TDSSKiller_Quarantine 2013-08-28 10:25 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-08-14 15:58 . 2013-08-14 16:00 -------- d-----w- c:\windows\system32\MRT 2013-08-14 10:52 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2013-08-14 10:52 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll 2013-08-14 10:52 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-09 03:31 . 2012-08-13 06:49 145040 ----a-w- c:\windows\system32\drivers\kneps.sys 2013-09-09 03:31 . 2012-10-18 04:50 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys 2013-06-28 00:15 . 2013-05-22 11:49 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-06-28 00:15 . 2011-06-05 08:39 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-06-28 00:15 . 2009-06-12 14:48 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys 2007-12-07 11:13 . 2007-12-07 11:13 4192768 ----a-r- c:\program files\ABBYY FineReader 9.0 Professional Edition.msi 2003-04-21 04:09 . 2003-04-21 04:09 245408 ----a-r- c:\program files\unicows.dll 2002-03-11 01:06 . 2002-03-11 01:06 1822520 ----a-r- c:\program files\instmsiw.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2012-12-20 08:20 459784 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-05 270336] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Spotify Web Helper"="c:\users\C D Larcombe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-22 1104384] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-12-07 202328] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 6281760] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-30 13556256] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-30 92704] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-20 344064] "AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2012-12-20 356968] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Audio Filter.lnk - c:\program files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2009-1-3 4243232] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2008-11-06 02:32 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2013-05-08 21:20 41056 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-10-27 759072] S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . 2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 13:05] . 2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 13:05] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\users\C D Larcombe\AppData\Roaming\Mozilla\Firefox\Profiles\5waw5psb.default\ FF - ExtSQL: 2013-08-02 22:27; kitsune@kitsune.sourceforge.net; c:\users\C D Larcombe\AppData\Roaming\Mozilla\Firefox\Profiles\5waw5psb.default\extensions\kitsune@kitsune.sourceforge.net FF - ExtSQL: 2013-09-09 13:03; anti_banner@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF - ExtSQL: 2013-09-09 13:03; content_blocker@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF - ExtSQL: 2013-09-09 13:04; online_banking@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF - ExtSQL: 2013-09-09 13:04; url_advisor@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF - ExtSQL: 2013-09-09 13:04; virtual_keyboard@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF - ExtSQL: 2013-09-11 01:22; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\C D Larcombe\AppData\Roaming\Mozilla\Firefox\Profiles\5waw5psb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110808&tt=3412_4 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar.id - 5414ff5600000000000000234ddfeecf FF - user.js: extensions.BabylonToolbar.instlDay - 15577 FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6 FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.60:16 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extensions.searchya.hmpg - true FF - user.js: extensions.searchya.dfltSrch - true FF - user.js: extensions.searchya.srchPrvdr - SearchYa! FF - user.js: extensions.searchya.dnsErr - true FF - user.js: extensions.searchya_i.newTab - false FF - user.js: extensions.searchya.id - 00234DDFEECFFF56 FF - user.js: extensions.searchya.instlDay - 15763 FF - user.js: extensions.searchya.vrsn - 1.8.8.0 FF - user.js: extensions.searchya.vrsni - 1.8.8.0 FF - user.js: extensions.searchya_i.vrsnTs - 1.8.8.02:18 FF - user.js: extensions.searchya.prtnrId - searchya FF - user.js: extensions.searchya.prdct - searchya FF - user.js: extensions.searchya.aflt - dnldyho FF - user.js: extensions.searchya_i.smplGrp - none FF - user.js: extensions.searchya.tlbrId - base FF - user.js: extensions.searchya.instlRef - FF - user.js: extensions.searchya.dfltLng - FF - user.js: extensions.searchya.appId - {1973277F-87B0-4EA3-9ED2-470A91D284CF} FF - user.js: extensions.searchya.excTlbr - false FF - user.js: extensions.searchya_i.hmpg - true FF - user.js: extensions.irspeeddial.aflt - dnldyho FF - user.js: extensions.irspeeddial.instlRef - FF - user.js: extensions.irspeeddial.cr - 1170014487 FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzutDtDtBtAyE0D0D0F0E0E0C0F0F0FyDyCtN0D0Tzu0CyEtBtAtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1Q1G1I1Q2U1M1F . - - - - ORPHANS REMOVED - - - - . HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe SafeBoot-10997470.sys SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-09-11 12:00 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . . c:\windows\TEMP\TMP0000001937940858D293BBFA 524288 bytes . scan completed successfully hidden files: 1 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(8388) c:\windows\system32\btncopy.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvservice.exe c:\windows\system32\nvvsvc.exe c:\windows\RtkAudioService.exe c:\windows\system32\rundll32.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Sony\Network Utility\NSUService.exe c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe c:\program files\Sony\VAIO Event Service\VESMgr.exe c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe c:\windows\system32\DllHost.exe c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Sony\VAIO Event Service\VESMgrSub.exe c:\windows\system32\DllHost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\System32\WUDFHost.exe c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe c:\program files\Sony\VAIO Power Management\SPMService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\conime.exe c:\windows\System32\rundll32.exe c:\windows\ehome\ehmsas.exe c:\program files\Sony\VAIO Update\VAIOUpdt.exe c:\program files\Sony\VAIO Update\VUAgent.exe . ************************************************************************** . Completion time: 2013-09-11 12:05:45 - machine was rebooted ComboFix-quarantined-files.txt 2013-09-11 02:05 . Pre-Run: 292,946,747,392 bytes free Post-Run: 302,647,074,816 bytes free . - - End Of File - - DD231F34A57495BA60BE9E5A690D6304 5C616939100B85E558DA92B899A0FC36
  15. Thank you for that reminder. Here is the log: aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software Run date: 2013-09-09 22:36:40 ----------------------------- 22:36:40.065 OS Version: Windows 6.0.6002 Service Pack 2 22:36:40.065 Number of processors: 2 586 0x170A 22:36:40.066 ComputerName: CDLARCOMBE-PC UserName: C D Larcombe 22:36:41.379 Initialize success 22:36:44.167 AVAST engine defs: 13090900 22:37:23.548 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 22:37:23.550 Disk 0 Vendor: ST3500820AS AD2X Size: 476940MB BusType: 3 22:37:23.552 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000064 22:37:23.554 Disk 1 Vendor: RICOH 01 Size: 476940MB BusType: 0 22:37:23.557 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000065 22:37:23.559 Disk 2 Vendor: RICOH 02 Size: 476940MB BusType: 0 22:37:23.564 Disk 0 MBR read successfully 22:37:23.566 Disk 0 MBR scan 22:37:24.058 Disk 0 Windows VISTA default MBR code 22:37:24.070 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12429 MB offset 2048 22:37:24.772 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 464509 MB offset 25456640 22:37:24.821 Disk 0 scanning sectors +976771120 22:37:25.349 Disk 0 scanning C:\Windows\system32\drivers 22:37:44.801 Service scanning 22:37:54.345 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5 22:37:54.471 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5 22:37:54.502 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5 22:37:54.555 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5 22:37:54.605 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5 22:37:54.643 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5 22:38:11.096 Modules scanning 22:38:22.659 Disk 0 trace - called modules: 22:38:22.676 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86cf71e8]<< 22:38:22.679 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f63a18] 22:38:22.683 3 CLASSPNP.SYS[8c3a78b3] -> nt!IofCallDriver -> [0x86020918] 22:38:22.686 5 acpi.sys[807b86bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8600e528] 22:38:22.690 \Driver\atapi[0x86393758] -> IRP_MJ_CREATE -> 0x86cf71e8 22:38:24.097 AVAST engine scan C:\Windows 22:38:27.893 AVAST engine scan C:\Windows\system32 22:42:22.997 AVAST engine scan C:\Windows\system32\drivers 22:42:47.458 AVAST engine scan C:\Users\C D Larcombe 22:48:47.596 Disk 0 MBR has been saved successfully to "C:\Users\C D Larcombe\Desktop\MBR.dat" 22:48:47.598 The log file has been saved successfully to "C:\Users\C D Larcombe\Desktop\aswMBR.txt" aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software Run date: 2013-09-09 22:36:40 ----------------------------- 22:36:40.065 OS Version: Windows 6.0.6002 Service Pack 2 22:36:40.065 Number of processors: 2 586 0x170A 22:36:40.066 ComputerName: CDLARCOMBE-PC UserName: C D Larcombe 22:36:41.379 Initialize success 22:36:44.167 AVAST engine defs: 13090900 22:37:23.548 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 22:37:23.550 Disk 0 Vendor: ST3500820AS AD2X Size: 476940MB BusType: 3 22:37:23.552 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000064 22:37:23.554 Disk 1 Vendor: RICOH 01 Size: 476940MB BusType: 0 22:37:23.557 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000065 22:37:23.559 Disk 2 Vendor: RICOH 02 Size: 476940MB BusType: 0 22:37:23.564 Disk 0 MBR read successfully 22:37:23.566 Disk 0 MBR scan 22:37:24.058 Disk 0 Windows VISTA default MBR code 22:37:24.070 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12429 MB offset 2048 22:37:24.772 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 464509 MB offset 25456640 22:37:24.821 Disk 0 scanning sectors +976771120 22:37:25.349 Disk 0 scanning C:\Windows\system32\drivers 22:37:44.801 Service scanning 22:37:54.345 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5 22:37:54.471 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5 22:37:54.502 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5 22:37:54.555 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5 22:37:54.605 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5 22:37:54.643 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5 22:38:11.096 Modules scanning 22:38:22.659 Disk 0 trace - called modules: 22:38:22.676 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86cf71e8]<< 22:38:22.679 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f63a18] 22:38:22.683 3 CLASSPNP.SYS[8c3a78b3] -> nt!IofCallDriver -> [0x86020918] 22:38:22.686 5 acpi.sys[807b86bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8600e528] 22:38:22.690 \Driver\atapi[0x86393758] -> IRP_MJ_CREATE -> 0x86cf71e8 22:38:24.097 AVAST engine scan C:\Windows 22:38:27.893 AVAST engine scan C:\Windows\system32 22:42:22.997 AVAST engine scan C:\Windows\system32\drivers 22:42:47.458 AVAST engine scan C:\Users\C D Larcombe 22:48:47.596 Disk 0 MBR has been saved successfully to "C:\Users\C D Larcombe\Desktop\MBR.dat" 22:48:47.598 The log file has been saved successfully to "C:\Users\C D Larcombe\Desktop\aswMBR.txt" 23:04:19.846 Disk 0 MBR has been saved successfully to "C:\Users\C D Larcombe\Desktop\MBR.dat" 23:04:19.847 The log file has been saved successfully to "C:\Users\C D Larcombe\Desktop\aswMBR.txt" aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software Run date: 2013-09-09 23:09:26 ----------------------------- 23:09:26.503 OS Version: Windows 6.0.6002 Service Pack 2 23:09:26.503 Number of processors: 2 586 0x170A 23:09:26.504 ComputerName: CDLARCOMBE-PC UserName: C D Larcombe 23:09:29.662 Initialize success 23:09:32.588 AVAST engine defs: 13090900 23:09:45.400 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 23:09:45.427 Disk 0 Vendor: ST3500820AS AD2X Size: 476940MB BusType: 3 23:09:45.430 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000064 23:09:45.432 Disk 1 Vendor: RICOH 01 Size: 476940MB BusType: 0 23:09:45.435 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000065 23:09:45.437 Disk 2 Vendor: RICOH 02 Size: 476940MB BusType: 0 23:09:45.551 Disk 0 MBR read successfully 23:09:45.559 Disk 0 MBR scan 23:09:45.563 Disk 0 Windows VISTA default MBR code 23:09:45.602 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12429 MB offset 2048 23:09:45.622 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 464509 MB offset 25456640 23:09:45.689 Disk 0 scanning sectors +976771120 23:09:45.908 Disk 0 scanning C:\Windows\system32\drivers 23:10:17.111 Service scanning 23:10:26.530 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5 23:10:26.713 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5 23:10:26.753 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5 23:10:26.806 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5 23:10:26.863 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5 23:10:26.894 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5 23:10:40.682 Modules scanning 23:11:19.059 Disk 0 trace - called modules: 23:11:19.079 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86cf71e8]<< 23:11:19.083 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f63a18] 23:11:19.086 3 CLASSPNP.SYS[8c3a78b3] -> nt!IofCallDriver -> [0x86020918] 23:11:19.090 5 acpi.sys[807b86bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8600e528] 23:11:19.093 \Driver\atapi[0x86393758] -> IRP_MJ_CREATE -> 0x86cf71e8 23:11:21.838 AVAST engine scan C:\Windows 23:12:01.970 AVAST engine scan C:\Windows\system32 23:18:08.651 AVAST engine scan C:\Windows\system32\drivers 23:18:51.121 AVAST engine scan C:\Users\C D Larcombe 23:21:29.919 Disk 0 MBR has been saved successfully to "C:\Users\C D Larcombe\Desktop\MBR.dat" 23:21:29.926 The log file has been saved successfully to "C:\Users\C D Larcombe\Desktop\aswMBR.txt"
  16. Relevant file attached. Thank you. Attach.txt
  17. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.19453 BrowserJavaVersion: 1.6.0_26 Run by C D Larcombe at 22:03:07 on 2013-09-09 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3070.1106 [GMT 10:00] . AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvservice.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\rundll32.exe C:\Windows\RtkAudioService.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Sony\Network Utility\NSUService.exe C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe C:\Windows\system32\DllHost.exe C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\DllHost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\rundll32.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe C:\Program Files\Sony\Network Utility\LANUtil.exe C:\Windows\ehome\ehtray.exe C:\Users\C D Larcombe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Sony\VAIO Update\VUAgent.exe C:\Windows\system32\conime.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\conime.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k SDRSVC . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - c:\program files\kaspersky lab\kaspersky pure 3.0\kaspersky password manager\spIEBho.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky pure 3.0\ieext\contentblocker\ie_content_blocker_plugin.dll BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky pure 3.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky pure 3.0\ieext\onlinebanking\online_banking_bho.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky pure 3.0\ieext\urladvisor\klwtbbho.dll TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll TB: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - c:\program files\kaspersky lab\kaspersky pure 3.0\kaspersky password manager\spIEBho.dll uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe" uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [spotify Web Helper] "c:\users\c d larcombe\appdata\roaming\spotify\data\SpotifyWebHelper.exe" uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui mRun: [CDAServer] c:\program files\common files\common desktop agent\CDASrv.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure 3.0\avp.exe" mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent uPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:28 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky pure 3.0\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky pure 3.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure 3.0\ieext\urladvisor\klwtbbho.dll IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm TCP: NameServer = 10.0.0.138 TCP: Interfaces\{2C0E2C70-A966-44F6-BF49-7BDCB8581403} : DHCPNameServer = 10.0.0.138 TCP: Interfaces\{6965D9E8-23BD-4D58-8668-8902A576C458} : DHCPNameServer = 10.0.0.138 TCP: Interfaces\{75B90F3A-AD59-4F62-8CFE-895B4311856C} : DHCPNameServer = 10.0.0.138 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: VESWinlogon - VESWinlogon.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ================= FIREFOX =================== . FF - ProfilePath - c:\users\c d larcombe\appdata\roaming\mozilla\firefox\profiles\5waw5psb.default\ FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll FF - ExtSQL: 2013-08-02 22:27; kitsune@kitsune.sourceforge.net; c:\users\c d larcombe\appdata\roaming\mozilla\firefox\profiles\5waw5psb.default\extensions\kitsune@kitsune.sourceforge.net FF - ExtSQL: 2013-09-09 13:03; anti_banner@kaspersky.com; c:\program files\kaspersky lab\kaspersky pure 3.0\ffext\anti_banner@kaspersky.com FF - ExtSQL: 2013-09-09 13:03; content_blocker@kaspersky.com; c:\program files\kaspersky lab\kaspersky pure 3.0\ffext\content_blocker@kaspersky.com FF - ExtSQL: 2013-09-09 13:04; online_banking@kaspersky.com; c:\program files\kaspersky lab\kaspersky pure 3.0\ffext\online_banking@kaspersky.com FF - ExtSQL: 2013-09-09 13:04; url_advisor@kaspersky.com; c:\program files\kaspersky lab\kaspersky pure 3.0\ffext\url_advisor@kaspersky.com FF - ExtSQL: 2013-09-09 13:04; virtual_keyboard@kaspersky.com; c:\program files\kaspersky lab\kaspersky pure 3.0\ffext\virtual_keyboard@kaspersky.com . ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110808&tt=3412_4 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar.id - 5414ff5600000000000000234ddfeecf FF - user.js: extensions.BabylonToolbar.instlDay - 15577 FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6 FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.60:16:43 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extensions.searchya.hmpg - true FF - user.js: extensions.searchya.dfltSrch - true FF - user.js: extensions.searchya.srchPrvdr - SearchYa! FF - user.js: extensions.searchya.dnsErr - true FF - user.js: extensions.searchya_i.newTab - false FF - user.js: extensions.searchya.id - 00234DDFEECFFF56 FF - user.js: extensions.searchya.instlDay - 15763 FF - user.js: extensions.searchya.vrsn - 1.8.8.0 FF - user.js: extensions.searchya.vrsni - 1.8.8.0 FF - user.js: extensions.searchya_i.vrsnTs - 1.8.8.02:18:14 FF - user.js: extensions.searchya.prtnrId - searchya FF - user.js: extensions.searchya.prdct - searchya FF - user.js: extensions.searchya.aflt - dnldyho FF - user.js: extensions.searchya_i.smplGrp - none FF - user.js: extensions.searchya.tlbrId - base FF - user.js: extensions.searchya.instlRef - FF - user.js: extensions.searchya.dfltLng - FF - user.js: extensions.searchya.appId - {1973277F-87B0-4EA3-9ED2-470A91D284CF} FF - user.js: extensions.searchya.excTlbr - false FF - user.js: extensions.searchya_i.hmpg - true FF - user.js: extensions.irspeeddial.aflt - dnldyho FF - user.js: extensions.irspeeddial.instlRef - FF - user.js: extensions.irspeeddial.cr - 1170014487 FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzutDtDtBtAyE0D0D0F0E0E0C0F0F0FyDyCtN0D0Tzu0CyEtBtAtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1Q1G1I1Q2U1M1F . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-22 49376] R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-22 175176] R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2013-9-9 88632] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-5 770344] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-6-13 369584] R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2013-9-9 39736] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408] R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-10-18 44000] R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 145040] R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\common files\abbyy\finereader\9.00\licensing\pe\NetworkLicenseServer.exe [2008-10-27 759072] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-17 169312] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-13 29816] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-6-13 66336] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-2 46808] R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky pure 3.0\avp.exe [2012-12-20 356968] R2 CSObjectsSrv;CryptoStorage control service;c:\program files\common files\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2012-12-21 819040] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2009-1-3 303104] R2 nvservice;NVIDIA GuardService;c:\windows\system32\nvservice.exe [2013-3-17 160544] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032] R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-12-5 102400] R2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2013-5-27 181760] R2 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2013-7-17 122008] R2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\common files\sony shared\sohlib\SOHDBSvr.exe [2013-7-17 72856] R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2013-7-17 392344] R2 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2013-7-17 76952] R2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\common files\sony shared\sohlib\SOHPlMgr.exe [2013-7-17 93336] R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2012-2-15 5120] R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2009-1-3 104960] R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2009-5-30 415584] R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-3-5 5189992] R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2011-4-20 480624] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-1-3 17920] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-12-4 225408] R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-9-3 25944] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-9-3 25944] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-9-9 40776] R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-12-4 9344] R3 VUAgent;VUAgent;c:\program files\sony\vaio update\VUAgent.exe [2012-11-22 1013808] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-12-7 202328] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-12-5 29736] S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2010-5-15 206336] S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2010-11-18 83312] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856] . =============== File Associations =============== . FileExt: .txt: Applications\Winword.exe="c:\program files\microsoft office\office12\WINWORD.EXE" /n /dde [userChoice] [default=edit - 'Open' doesn't exist] ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1" . =============== Created Last 30 ================ . 2013-09-09 11:25:14 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-09-09 11:02:39 -------- d-----w- c:\users\c d larcombe\appdata\local\{7BDDC5CD-DB09-47B7-9D7F-D64DE15DE7B8} 2013-09-09 04:21:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-09-09 04:21:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-09-09 03:05:02 39736 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys 2013-09-09 03:04:46 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys 2013-09-09 03:03:55 -------- d-----w- c:\program files\common files\InfoWatch 2013-09-09 02:55:13 74848 ----a-w- c:\windows\system32\drivers\klflt.sys 2013-09-09 00:17:32 -------- d-----w- c:\programdata\Kaspersky Lab 2013-09-09 00:17:32 -------- d-----w- c:\program files\Kaspersky Lab 2013-09-08 23:35:37 -------- d-----w- C:\TDSSKiller_Quarantine 2013-09-08 23:01:27 -------- d-----w- c:\users\c d larcombe\appdata\local\{368CA0E9-F771-493F-89AA-6C36826855B4} 2013-09-08 00:54:17 -------- d-----w- c:\users\c d larcombe\appdata\local\{0CBF12F5-6DE0-4AFF-832D-1B61BE8EC0C9} 2013-09-07 02:12:44 -------- d-----w- c:\users\c d larcombe\appdata\local\{6C91A057-1D35-4E30-BAAE-D18230676053} 2013-09-06 15:56:02 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{869e30a0-fa0b-4163-a8fd-b9ee06642009}\mpengine.dll 2013-09-06 14:08:26 -------- d-----w- c:\users\c d larcombe\appdata\local\{B4D82C52-E254-4EB5-A986-11D44817957D} 2013-09-06 01:41:29 -------- d-----w- c:\users\c d larcombe\appdata\local\{30B144A6-6449-413C-86A9-DC375EC5BDE3} 2013-09-05 14:33:05 -------- d-----w- c:\users\c d larcombe\appdata\local\{49F6364F-37AB-42F4-AA95-C93260014633} 2013-09-05 02:19:10 -------- d-----w- c:\users\c d larcombe\appdata\local\{2606083F-F601-4B60-8C21-596BA8658AB8} 2013-09-03 23:43:57 -------- d-----w- c:\users\c d larcombe\appdata\local\{E515E1C9-BF8B-404D-B466-358970FA89A5} 2013-09-03 02:39:32 -------- d-----w- c:\users\c d larcombe\appdata\local\{2B6D5380-C84E-4720-AEFE-B7D9BF2EE929} 2013-09-02 02:23:46 -------- d-----w- c:\users\c d larcombe\appdata\local\{CAEFE10E-CE1D-4D1C-83E0-CD2F807C2901} 2013-09-01 14:05:34 -------- d-----w- c:\users\c d larcombe\appdata\local\{6A75BDD7-4FCC-4830-B35D-70B027C08A77} 2013-09-01 01:50:35 -------- d-----w- c:\users\c d larcombe\appdata\local\{5491E519-0883-4458-9B0B-246EB39CB9B3} 2013-08-31 13:40:05 -------- d-----w- c:\users\c d larcombe\appdata\local\{A6868B4B-2853-489C-9761-BC0F9D6D52FD} 2013-08-31 00:48:13 -------- d-----w- c:\users\c d larcombe\appdata\local\{6CC057F7-41EC-413D-84C2-2122F9F7B0F1} 2013-08-31 00:40:47 -------- d-----w- c:\users\c d larcombe\appdata\local\{559BB7BB-CA8D-4598-9B40-2BE6D210603C} 2013-08-30 09:38:02 -------- d-----w- c:\users\c d larcombe\appdata\local\{DEBAF5D8-C6CA-4C40-8823-96C57580390B} 2013-08-29 15:08:18 -------- d-----w- c:\users\c d larcombe\appdata\local\{7FE79887-68FB-46AF-830B-04A6E1152C48} 2013-08-29 02:29:51 -------- d-----w- c:\users\c d larcombe\appdata\local\{FBB0D241-0D5E-43A0-9A54-7CAD36846AC1} 2013-08-28 10:25:12 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-08-28 10:22:08 -------- d-----w- c:\users\c d larcombe\appdata\local\{D6FA43A0-19AA-415A-BF68-6D022203C629} 2013-08-27 20:24:56 -------- d-----w- c:\users\c d larcombe\appdata\local\{13FD319E-31EF-4FF5-8D83-FBE0549568BA} 2013-08-27 03:36:15 -------- d-----w- c:\users\c d larcombe\appdata\local\{DD9862F9-671E-4D98-8CBC-CDC51DDBAAA9} 2013-08-26 15:15:30 -------- d-----w- c:\users\c d larcombe\appdata\local\{DABC5FEB-A2A7-44A4-B6BD-474792E3F160} 2013-08-26 15:05:02 -------- d-----w- c:\users\c d larcombe\appdata\local\{2E76A85A-896C-4448-AC7A-5F4E18DAC0CF} 2013-08-26 03:02:28 -------- d-----w- c:\users\c d larcombe\appdata\local\{8FCEA357-CDC0-4121-955C-4B22C3BDF56B} 2013-08-25 15:02:04 -------- d-----w- c:\users\c d larcombe\appdata\local\{205BDF1A-DCB2-4D50-B9DD-B7A24EF18A4C} 2013-08-25 03:01:40 -------- d-----w- c:\users\c d larcombe\appdata\local\{6475999F-CF09-4D36-8635-C34B490561D4} 2013-08-24 04:51:20 -------- d-----w- c:\users\c d larcombe\appdata\local\{E671AC10-6F90-4743-8DFF-D9D0E8B558E5} 2013-08-24 03:52:55 -------- d-----w- c:\users\c d larcombe\appdata\local\{D77746CA-60CB-4E43-BFEB-1E174B41CF54} 2013-08-23 15:20:40 -------- d-----w- c:\users\c d larcombe\appdata\local\{1AFCAC29-6241-4967-8877-97564C269A37} 2013-08-23 03:20:17 -------- d-----w- c:\users\c d larcombe\appdata\local\{B1826BFD-2039-4BE1-B6B5-7CB142AA5420} 2013-08-22 14:31:44 -------- d-----w- c:\users\c d larcombe\appdata\local\{087AC138-70C2-4629-86E0-7923B0C9EF32} 2013-08-22 02:22:17 -------- d-----w- c:\users\c d larcombe\appdata\local\{F5DDC6C4-DA44-4DA1-BD5C-36F509EF95BD} 2013-08-21 03:24:20 -------- d-----w- c:\users\c d larcombe\appdata\local\{108453CD-CCA0-4760-A7DC-8014DABA33A6} 2013-08-20 15:00:50 -------- d-----w- c:\users\c d larcombe\appdata\local\{5CC438BF-ADEA-42AE-A5F2-895FCFE3C356} 2013-08-20 14:47:46 -------- d-----w- c:\users\c d larcombe\appdata\local\{D9D574BB-D64F-4196-81BC-C1930848CBEE} 2013-08-20 14:36:25 -------- d-----w- c:\users\c d larcombe\appdata\local\{24E1EE6C-736E-427B-92DD-4AFB5FEB2C91} 2013-08-20 14:33:01 -------- d-----w- c:\users\c d larcombe\appdata\local\{9879017B-4EA2-4165-947B-23EAD8D21C6E} 2013-08-20 14:20:59 -------- d-----w- c:\users\c d larcombe\appdata\local\{1885B3C8-F788-4981-AF52-F933679A9CA7} 2013-08-20 13:54:25 -------- d-----w- c:\users\c d larcombe\appdata\local\{171B10CA-3A03-411D-9C11-0A129320B50A} 2013-08-20 13:43:07 -------- d-----w- c:\users\c d larcombe\appdata\local\{DF248175-12DB-434E-917C-103F859C0A0B} 2013-08-20 13:15:55 -------- d-----w- c:\users\c d larcombe\appdata\local\{91AEA189-CF7D-4E8F-B4AD-2454651CFE5A} 2013-08-20 13:11:05 -------- d-----w- c:\users\c d larcombe\appdata\local\{F55DE9E7-68D5-4053-914D-FC42BF7A7251} 2013-08-20 13:08:54 -------- d-----w- c:\users\c d larcombe\appdata\local\{55D51E36-69F6-49AC-A1C7-3C15C5FEA176} 2013-08-20 01:06:42 -------- d-----w- c:\users\c d larcombe\appdata\local\{991BD0A7-8DAB-4474-A27B-2BBDE65B9DDC} 2013-08-19 08:28:34 -------- d-----w- c:\users\c d larcombe\appdata\local\{02B04C32-8ACD-4CE8-8A39-6DC7CCE8DFBA} 2013-08-18 15:02:15 -------- d-----w- c:\users\c d larcombe\appdata\local\{9128EEBA-22D5-406A-9B38-A3B5A5CC75F1} 2013-08-18 02:57:22 -------- d-----w- c:\users\c d larcombe\appdata\local\{19C20AD2-B087-4218-BF5E-B7D543F63C7B} 2013-08-17 13:08:55 -------- d-----w- c:\users\c d larcombe\appdata\local\{EAEF891E-07DE-4D2C-8DE4-6D7A434D81CD} 2013-08-17 00:50:35 -------- d-----w- c:\users\c d larcombe\appdata\local\{AFB84056-66DF-49CA-84D9-A97C040D7F50} 2013-08-16 08:26:30 -------- d-----w- c:\users\c d larcombe\appdata\local\{1C76A654-A812-42FC-A910-B748296A3791} 2013-08-15 15:21:46 -------- d-----w- c:\users\c d larcombe\appdata\local\{09F2E3D2-666D-4E14-AA6D-3AB8A0D217B1} 2013-08-15 02:37:28 -------- d-----w- c:\users\c d larcombe\appdata\local\{2EF64EF7-4F56-45C6-85E4-B1B9AF5D5DA1} 2013-08-14 15:58:13 -------- d-----w- c:\windows\system32\MRT 2013-08-14 13:17:00 -------- d-----w- c:\users\c d larcombe\appdata\local\{4C35DC6C-DB8A-47A0-A4A5-2BEA38FAD20C} 2013-08-14 10:52:19 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2013-08-14 10:52:17 15872 ----a-w- c:\windows\system32\icaapi.dll 2013-08-14 10:52:13 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-08-14 01:16:22 -------- d-----w- c:\users\c d larcombe\appdata\local\{0C624780-46F5-4BE8-BDA1-EE3A09B1E497} 2013-08-13 10:07:04 -------- d-----w- c:\users\c d larcombe\appdata\local\{6B2C07C1-A9D3-4725-BAAA-00A978C407EA} 2013-08-12 16:29:33 -------- d-----w- c:\users\c d larcombe\appdata\local\{9D99F667-F55A-4E50-A57F-9A29C3C92EAC} 2013-08-12 15:50:05 -------- d-----w- c:\users\c d larcombe\appdata\local\{E8C180B0-66F7-4C49-BA96-CBB94F85F00C} 2013-08-12 15:41:40 -------- d-----w- c:\users\c d larcombe\appdata\local\{4A5A692C-8A27-4A75-829A-3205D790CD7C} 2013-08-12 02:56:11 -------- d-----w- c:\users\c d larcombe\appdata\local\{B0ADD78B-2C26-4564-B7A2-5A10CC1BE07E} 2013-08-11 05:52:26 -------- d-----w- c:\users\c d larcombe\appdata\local\{A84F6C96-22B2-475D-A2EC-1A47CD60DAA5} 2013-08-10 16:10:17 -------- d-----w- c:\users\c d larcombe\appdata\local\{1D8854FF-F0D9-40EE-924D-053A226A74BB} 2013-08-10 13:47:01 -------- d-----w- c:\users\c d larcombe\appdata\local\{359A4FDC-96E7-48ED-BDD9-37467DB0F4A5} . ==================== Find3M ==================== . 2013-09-09 03:31:39 145040 ----a-w- c:\windows\system32\drivers\kneps.sys 2013-09-09 03:31:38 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys 2013-07-24 00:33:07 916480 ----a-w- c:\windows\system32\wininet.dll 2013-07-24 00:32:57 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-07-24 00:32:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-07-24 00:32:56 109056 ----a-w- c:\windows\system32\iesysprep.dll 2013-07-24 00:32:55 71680 ----a-w- c:\windows\system32\iesetup.dll 2013-07-23 23:56:25 385024 ----a-w- c:\windows\system32\html.iec 2013-07-23 23:49:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2013-07-23 23:49:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2013-07-17 19:41:34 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-10 09:47:00 783360 ----a-w- c:\windows\system32\rpcrt4.dll 2013-07-09 12:10:36 1205168 ----a-w- c:\windows\system32\ntdll.dll 2013-07-08 04:55:51 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-07-08 04:55:51 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-07-08 04:20:04 172544 ----a-w- c:\windows\system32\wintrust.dll 2013-07-08 04:16:55 98304 ----a-w- c:\windows\system32\cryptnet.dll 2013-07-08 04:16:55 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2013-07-08 04:16:54 992768 ----a-w- c:\windows\system32\crypt32.dll 2013-06-28 00:15:43 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-06-28 00:15:43 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2007-12-07 11:13:46 4192768 ----a-r- c:\program files\ABBYY FineReader 9.0 Professional Edition.msi 2007-12-06 14:15:52 390432 ----a-r- c:\program files\Setup.exe 2003-04-21 04:09:50 245408 ----a-r- c:\program files\unicows.dll 2002-03-11 01:06:30 1822520 ----a-r- c:\program files\instmsiw.exe . ============= FINISH: 22:06:38.54 ===============
  18. Apologies - I did not properly attach the Malwarebyte.s log. Please find log attached: MBAM-log-2013-09-09 (17-52-07).txt
  19. Apologies - I did not properly attach the Malwarebytes log. Please find log attached.
  20. Incidentally, I performed the scan before receiving your response above, and the advice you give not to run scans unless instructed.
  21. Dear Marius, Thank you indeed for such a quick and constructive reply. Before I start on your instructions, I suspect (from my very minimal knowledge) that I should let you know that I ran a Quick Scan with the Malwarebytes Antimalware tool (the generic advice on this site recommends that one do so as a first step). I am so dim with these things that I cannot interpret the log. I assume it is not safe merely to delete all of the results, as false positives can also be produced by scanning process. I copy the log below. If none of the results indicates a torpig infection, is this conclusive evidence that I am in fact not infected? Many thanks again for your assistance. I will of course proceed with your instructions pending your advice regarding the scan I have performed. - - - - - Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.08.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19453 C D Larcombe :: CDLARCOMBE-PC [administrator] 9/09/2013 2:22:58 PM MBAM-log-2013-09-09 (17-52-07).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 694373 Time elapsed: 3 hour(s), 14 minute(s), 43 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 7 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken. HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> No action taken. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken. HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken. HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> No action taken. HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken. Registry Values Detected: 3 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0G1G1H2Z1L1U1TtF0Z1E -> No action taken. HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {9FA7CDE0-EB4B-11E0-9A8A-00214F4B9636} -> No action taken. HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {9FA7CDE0-EB4B-11E0-9A8A-00214F4B9636} -> No action taken. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\Users\C D Larcombe\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken. Files Detected: 11 C:\Users\C D Larcombe\AppData\Local\Temp\6rMU6I1u.exe.part (PUP.Optional.Installex) -> No action taken. C:\Users\C D Larcombe\AppData\Local\Temp\_C11dQiO.exe.part (PUP.Optional.Installex) -> No action taken. C:\Users\C D Larcombe\AppData\Local\Temp\xR01kB2D.exe.part (PUP.Optional.Installex) -> No action taken. C:\Users\C D Larcombe\AppData\Local\Temp\r5PMMSSU.exe.part (PUP.Optional.Installex) -> No action taken. C:\Users\C D Larcombe\AppData\Local\Temp\{D47AD21F-BF0B-B0AB-5240-F7290F99F0E9}\sweetim.exe (PUP.Optional.SweetIM) -> No action taken. C:\Users\C D Larcombe\AppData\Local\Temp\is1988980107\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> No action taken. C:\Users\C D Larcombe\Downloads\winamp563_full_bundle_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> No action taken. C:\Users\C D Larcombe\Local Settings\Temporary Internet Files\Content.IE5\I6IP52P3\sweetim[1].exe (PUP.Optional.SweetIM) -> No action taken. C:\Users\C D Larcombe\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> No action taken. C:\Users\C D Larcombe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> No action taken. C:\Users\C D Larcombe\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken. (end) - - - -
  22. My IP address has been blocked from sending emails by spamhaus, which claims that my computer is infected with torpig. I have no idea whether the spamhaus diagnosis is accurate. I am a complete novice at detecting malware and removing it from my system. My anti-virus does not detect any issues, nor does the Microsoft Malicious Software Removal Tool. I should be grateful for any informed advice and suggestions.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.