BSOD because Malwarebytes Anti-Malware

[aresler]

Good day,

 

I was addressed to you by the support team that deal with my topic "BSOD because Malwarebytes Anti-Malware" after they decide that my computer should be examined by malware removal team.

Here is the link to the topic:

https://forums.malwarebytes.org/index.php?/topic/157686-bsod-because-malwarebytes-anti-malware/#entry912645 

 

Thanks,

Arie

Addition.txt

FRST.txt

[aresler]

Almost 10 days past from when I posted this topic.

[aresler]

?

[AdvancedSetup]

Hello and

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:
 
 

 

If you're using

Peer 2 Peer

software such as

uTorrent, BitTorrent

or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have

illegal/cracked software, cracks, keygens etc

. on the system, please remove or uninstall them now and read the policy on

Piracy

.

 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

• Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
• If the log is too large then you can use attachments by clicking on the More Reply Options button.
• Please enable your system to show hidden files: How to see hidden files in Windows
• Make sure you're subscribed to this topic:
  
  • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
    

  [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)
  

 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 

Link 1

Link 2

• On Windows XP double-click on the Rkill desktop icon to run the tool.
• On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• If the tool does not run from any of the links provided, please let me know.
• Do not reboot the computer, you will need to run the application again.
  

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

• Please download ERUNT from one of the following links: Link1 | Link2 | Link3
• ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
• Double click on erunt-setup.exe to Install ERUNT by following the prompts.
• NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
• Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
• Choose a location for the backup.
  
  • Note: the default location is C:\Windows\ERDNT which is acceptable.
    

  [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
  

STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
 

[aresler]

Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 13/12/2014 13:49:20, SYSTEM, ARCOMPUTER, Protection, Malware Protection, Starting,
Protection, 13/12/2014 13:49:28, SYSTEM, ARCOMPUTER, Protection, Malware Protection, Started,
Protection, 13/12/2014 13:49:28, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, Starting,
Protection, 13/12/2014 13:49:47, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, Started,
Protection, 13/12/2014 13:50:22, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, Stopping,
Protection, 13/12/2014 13:50:22, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, Stopped,
Protection, 13/12/2014 13:50:22, SYSTEM, ARCOMPUTER, Protection, Malware Protection, Stopping,
Protection, 13/12/2014 13:50:23, SYSTEM, ARCOMPUTER, Protection, Malware Protection, Stopped,
Protection, 13/12/2014 14:07:56, SYSTEM, ARCOMPUTER, Protection, Malware Protection, Starting,
Protection, 13/12/2014 14:07:56, SYSTEM, ARCOMPUTER, Protection, Malware Protection, Started,
Protection, 13/12/2014 14:07:56, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, Starting,
Protection, 13/12/2014 14:07:59, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, Started,
Detection, 13/12/2014 14:08:36, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, IP, 218.9.192.58, 0, Inbound,
Update, 13/12/2014 14:08:44, SYSTEM, ARCOMPUTER, Manual, Malware Database, 2014.12.11.2, 2014.12.13.3,
Protection, 13/12/2014 14:08:44, SYSTEM, ARCOMPUTER, Protection, Refresh, Starting,
Protection, 13/12/2014 14:08:44, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, Stopping,
Protection, 13/12/2014 14:08:44, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, Stopped,
Protection, 13/12/2014 14:08:55, SYSTEM, ARCOMPUTER, Protection, Refresh, Success,
Protection, 13/12/2014 14:08:55, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, Starting,
Protection, 13/12/2014 14:08:59, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, Started,
Detection, 13/12/2014 14:10:09, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, IP, 218.9.192.184, 0, Inbound,
Detection, 13/12/2014 14:12:40, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, IP, 218.9.192.58, 0, Inbound,
Detection, 13/12/2014 14:14:10, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, IP, 218.9.192.184, 0, Inbound,
Detection, 13/12/2014 14:14:42, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, IP, 218.9.192.58, 0, Inbound,
Detection, 13/12/2014 14:18:05, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, IP, 218.9.192.184, 0, Inbound,
Detection, 13/12/2014 14:18:36, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, IP, 218.9.192.58, 0, Inbound,
Detection, 13/12/2014 14:22:00, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, IP, 218.9.192.184, 0, Inbound,
Detection, 13/12/2014 14:22:39, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, IP, 218.9.192.58, 0, Inbound,
Detection, 13/12/2014 14:25:58, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, IP, 218.9.192.184, 0, Inbound,
Detection, 13/12/2014 14:26:40, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, IP, 218.9.192.58, 0, Inbound,
Detection, 13/12/2014 14:29:56, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, IP, 218.9.192.184, 0, Inbound,
Detection, 13/12/2014 14:30:40, SYSTEM, ARCOMPUTER, Protection, Malicious Website Protection, IP, 218.9.192.58, 0, Inbound,

(end)

[aresler]

Good day,

I am the only user on this XP pro computer.

May be I have made a mistake. I did not run it as Administrator.

Should I run it again as Administrator?

Thanks,

Arie

[AdvancedSetup]

That is a protection log not the scan log. Let me have you run  the following. Running it with your account is fine as long as it has Admin rights.

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

• Shutdown your antivirus to avoid any conflicts.
• Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next reply message
• When completed make sure to re-enable your antivirus
  

STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Please uncheck elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you may want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
• If you're ready to clean it all up.....click the Clean button.
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted:
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
  

STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07


Please go here to run the online antivirus scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings and ensure these options are ticked:
  
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
    

  
  [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.
  

STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
  

[aresler]

I arranged all text reports in one attached file "ALL FILES.TXT".

Thanks a lot.

Arie

ALL FILES.txt

[AdvancedSetup]

The logs do not seem to indicate that you ran the CLEAN option with the AdwCleaner tool. Please run it again and make sure you clean and post back the new log.

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Please uncheck elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you may want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
• If you're ready to clean it all up.....click the Clean button.
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted:
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

 

 

Next,

 

 

Please visit this webpage and read the ComboFix User's Guide:

• Once you've read the article and are ready to use the program you can download it directly from the link below.
• Important! - Please make sure you save combofix to your desktop and do not run it from your browser
• Direct download link for: ComboFix.exe
• Please make sure you disable your security applications before running ComboFix.
• Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
• Please attach that log file to your next reply.
• If needed the file can be located here:  C:\combofix.txt
• NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
  

 

 

[aresler]

I ran the CLEAN option with the AdwCleaner tool but may be I attached the report before the clean and not the report after boot.

I ran it again as instructed and attaché the report now before running combofix.

After I'll run combofix I'll attach its report.

Thanks a lot,

Arie

 

AdwCleanerS1.txt

[aresler]

I have started COMBOFIX as instructed.

The computer froze completely when COMBOFIX riches this point: "…..However, scan times for badly infected machine may easily double" . Even the mouse pointer frizzed.

I thought I have made something wrong and restarted the computer after waiting for half hour.

I run it again and it froze again. After tow hours I restarted the computer again.

After restart I get Repeated Windows massage (translated from Hebrew): "The system was restored after a severe error…".

Then I restarted again and it works.

No log was produced.

Thanks a lot,

Arie

[AdvancedSetup]

Please double check for a log. C:\COMBOFIX.TXT

 

May also be in C:\QOOBOX

 

 

Let me have you run the following then.

 

 

Please download Malwarebytes Anti-Rootkit from HERE
If needed there is a self help tutorial here: MBAR tutorial

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
  

[aresler]

Good day, 

I found some COMBOFIXn.TXT files, all of them are old ones produced in 2009 and 2010.

Although Combofix5.txt last change date is from 16.12.2014 the content is old. Found in c:\QOOBOX.

I attach all of them to my post.

I found a file named ComboFix_1211.log in C:\Documents and Settings\אר\Application Data\IDM\DwnlData\אר\ComboFix_1211 and attaché him too. I think it's only details of downloading COMBOFIX.EXE by IDM.

 

Malwarebytes Anti-Rootkit did not find anything so it did not ask me to restart. Attached MBAR files. 

 

Thanks, 

Arie

ComboFix5.txt

ComboFix2.txt

ComboFix3.txt

ComboFix4.txt

ComboFix_1211.log

system-log.txt

mbar-log-2014-12-18 (14-24-19).txt

[AdvancedSetup]

Click on START - RUN and type in COMBOFIX.EXE  /UNINSTALL

 

Then click OK and it should uninstall combofix. Let me know how that goes.

[aresler]

Good Day, 

It has done the uninstall process at the end it notified: "Combofix is uninstalled". 

Thanks, 

Arie

[aresler]

Good day, 

Do you have more guidelines to continue?

Thanks

[AdvancedSetup]

How is the computer running now?

Are there still any signs of an infection?

[aresler]

Good day,

I changed the definitions of Malwarebytes Anti-Malware to start with Windows.

I'll leave it to work constantly.

Some of the software you instructed me to run uninstalled some applications from my computer. It uninstalled even a licensed Program like Babylon. I would not install back anything till I'll be sure everything run well.

Let see for few days if we'll get BSOD.

I'll let you know.

Thanks a lot,

Arie

[aresler]

Sorry, 

After some hours of working we get BSOD:

 

Microsoft ® Windows Debugger Version 6.12.0002.633 X86

Copyright © Microsoft Corporation. All rights reserved.

 

 

Loading Dump File [C:\WINDOWS\Minidump\Mini122514-01.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

 

Symbol search path is: http://msdl.microsoft.com/download/symbols

Executable search path is: 

Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp3_qfe.130704-0421

Machine Name:

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720

Debug session time: Thu Dec 25 03:14:00.843 2014 (UTC + 2:00)

System Uptime: 0 days 13:35:58.813

Loading Kernel Symbols

...............................................................

................................................................

...............................

Loading User Symbols

Loading unloaded module list

...................................

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck 6, {0, 0, 0, 0}

 

Unable to load image mbam.sys, Win32 error 0n2

*** WARNING: Unable to verify timestamp for mbam.sys

*** ERROR: Module load completed but symbols could not be loaded for mbam.sys

Probably caused by : mbam.sys ( mbam+1cf8 )

 

Followup: MachineOwner

---------

 

1: kd> !analyze -v

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

 

INVALID_PROCESS_DETACH_ATTEMPT (6)

Arguments:

Arg1: 00000000

Arg2: 00000000

Arg3: 00000000

Arg4: 00000000

 

Debugging Details:

------------------

 

 

CUSTOMER_CRASH_COUNT:  1

 

DEFAULT_BUCKET_ID:  DRIVER_FAULT

 

BUGCHECK_STR:  0x6

 

PROCESS_NAME:  mbamservice.exe

 

LAST_CONTROL_TRANSFER:  from 804f885d to 804f9f7e

 

STACK_TEXT:  

b84efb6c 804f885d 00000006 8ae12050 00000000 nt!KeBugCheck+0x14

b84efb8c 805a880c b84efba4 8ae12050 00000000 nt!KeUnstackDetachProcess+0x119

b84efbdc b7e2a64d 89471be0 8a084728 00000001 nt!MmProbeAndLockProcessPages+0x6a

b84efce0 b4200cf8 8a18e250 b420411c e55f9458 fltmgr!FltSendMessage+0x1db

WARNING: Stack unwind information not available. Following frames may be wrong.

b84efd18 b4200873 00000001 0000005a e55f9458 mbam+0x1cf8

b84efd48 b4200a10 88f0e008 0000167c 8b234318 mbam+0x1873

b84efd64 b7e3cdec 89f990e0 ea345ccc 8a308230 mbam+0x1a10

b84efd7c 80538923 89f990e0 00000000 8b234318 fltmgr!FltpProcessDeferredIoWorkItem+0x16

b84efdac 805cffee 89f990e0 00000000 00000000 nt!ExpWorkerThread+0xef

b84efddc 8054620e 80538834 00000000 00000000 nt!PspSystemThreadStartup+0x34

00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

 

 

STACK_COMMAND:  kb

 

FOLLOWUP_IP: 

mbam+1cf8

b4200cf8 ??              ???

 

SYMBOL_STACK_INDEX:  4

 

SYMBOL_NAME:  mbam+1cf8

 

FOLLOWUP_NAME:  MachineOwner

 

MODULE_NAME: mbam

 

IMAGE_NAME:  mbam.sys

 

DEBUG_FLR_IMAGE_TIMESTAMP:  540754db

 

FAILURE_BUCKET_ID:  0x6_mbam+1cf8

 

BUCKET_ID:  0x6_mbam+1cf8

 

Followup: MachineOwner

---------

[AdvancedSetup]

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
 

[aresler]

I was very busy; it will take me one more day. 

Thanks

[aresler]

No threats found. 

Attached logs (only 2). 

 

TDSSKiller.3.0.0.42_30.12.2014_00.13.08_log.txt

TDSSKiller.3.0.0.42_30.12.2014_00.19.06_log.txt

[AdvancedSetup]

Please temporarily uninstall your AVG antivirus and reboot the system. Then download and run their removal tool to remove left over items.

 

http://www.avg.com/us-en/utilities

 

Then temporarily install Avira free antivirus and update it and do a full system scan and let me know if it finds anything or not.

 

http://filehippo.com/search?q=avira

 

Thanks

[aresler]

Good day, 

I don't use AVG (may be a long time ago) but I run their removal tool to remove left over items.

Avira found some infections, I run it separately for rootkits. No rootkits found. 

Appended log: 

 

Avira Free Antivirus

Report file date: יום רביעי 31 דצמבר 2014  13:42

 

 

The program is running as an unrestricted full version.

Online services are available.

 

Licensee        : Avira Antivirus Free

Serial number   : 0000149996-AVHOE-0000001

Platform        : Microsoft Windows XP

Windows version : (Service Pack 3)  [5.1.2600]

Boot mode       : Normally booted

Username        : אר

Computer name   : ARCOMPUTER

 

Version information:

BUILD.DAT       : 14.0.7.468     91859 Bytes  24/11/2014 10:23:00

AVSCAN.EXE      : 14.0.7.462   1015544 Bytes  24/11/2014 08:23:24

AVSCANRC.DLL    : 14.0.7.308     54576 Bytes  24/11/2014 08:23:24

LUKE.DLL        : 14.0.7.462     60664 Bytes  24/11/2014 08:23:29

AVSCPLR.DLL     : 14.0.7.440     93488 Bytes  24/11/2014 08:23:24

REPAIR.DLL      : 14.0.7.412    366328 Bytes  24/11/2014 08:23:24

REPAIR.RDF      : 1.0.3.52      632267 Bytes  30/12/2014 12:21:31

AVREG.DLL       : 14.0.7.310    264952 Bytes  24/11/2014 08:23:23

AVLODE.DLL      : 14.0.7.440    561456 Bytes  24/11/2014 08:23:23

AVLODE.RDF      : 14.0.4.54      78895 Bytes  30/12/2014 12:21:01

XBV00013.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:33

XBV00014.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:33

XBV00015.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:33

XBV00016.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:33

XBV00017.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:33

XBV00018.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00019.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00020.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00021.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00022.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00023.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00024.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00025.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00026.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00027.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00028.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00029.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00030.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00031.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00032.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00033.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00034.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00035.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00036.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00037.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00038.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00039.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00040.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00041.VDF    : 8.11.165.190     2048 Bytes  07/08/2014 08:23:34

XBV00133.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00134.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00135.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00136.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00137.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00138.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00139.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00140.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00141.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00142.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00143.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00144.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00145.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00146.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00147.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00148.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00149.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00150.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00151.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00152.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00153.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00154.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00155.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00156.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00157.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00158.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00159.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00160.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00161.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00162.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00163.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00164.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00165.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00166.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00167.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00168.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00169.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00170.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00171.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00172.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:14

XBV00173.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00174.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00175.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00176.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00177.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00178.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00179.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00180.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00181.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00182.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00183.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00184.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00185.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00186.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00187.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00188.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00189.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00190.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00191.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00192.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00193.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00194.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:15

XBV00195.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00196.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00197.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00198.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00199.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00200.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00201.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00202.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00203.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00204.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00205.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00206.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00207.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00208.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00209.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00210.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00211.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00212.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00213.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00214.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00215.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00216.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00217.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00218.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00219.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00220.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00221.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00222.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00223.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:16

XBV00224.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00225.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00226.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00227.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00228.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00229.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00230.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00231.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00232.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00233.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00234.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00235.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00236.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00237.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00238.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00239.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00240.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00241.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00242.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00243.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00244.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00245.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00246.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:17

XBV00247.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:18

XBV00248.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:18

XBV00249.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:18

XBV00250.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:18

XBV00251.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:18

XBV00252.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:18

XBV00253.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:18

XBV00254.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:18

XBV00255.VDF    : 8.11.197.100     2048 Bytes  23/12/2014 12:21:18

XBV00000.VDF    : 7.11.70.0   66736640 Bytes  04/04/2013 08:23:33

XBV00001.VDF    : 7.11.74.226  2201600 Bytes  30/04/2013 08:23:33

XBV00002.VDF    : 7.11.80.60   2751488 Bytes  28/05/2013 08:23:33

XBV00003.VDF    : 7.11.85.214  2162688 Bytes  21/06/2013 08:23:33

XBV00004.VDF    : 7.11.91.176  3903488 Bytes  23/07/2013 08:23:33

XBV00005.VDF    : 7.11.98.186  6822912 Bytes  29/08/2013 08:23:33

XBV00006.VDF    : 7.11.139.38 15708672 Bytes  27/03/2014 08:23:33

XBV00007.VDF    : 7.11.152.100  4193792 Bytes  02/06/2014 08:23:33

XBV00008.VDF    : 8.11.165.192  4251136 Bytes  07/08/2014 08:23:33

XBV00009.VDF    : 8.11.172.30  2094080 Bytes  15/09/2014 08:23:33

XBV00010.VDF    : 8.11.178.32  1581056 Bytes  14/10/2014 08:23:33

XBV00011.VDF    : 8.11.184.50  2178560 Bytes  11/11/2014 08:23:33

XBV00012.VDF    : 8.11.190.32  1876992 Bytes  03/12/2014 12:21:02

XBV00042.VDF    : 8.11.190.56    35840 Bytes  03/12/2014 12:21:02

XBV00043.VDF    : 8.11.192.58     2048 Bytes  03/12/2014 12:21:02

XBV00044.VDF    : 8.11.192.86    18944 Bytes  03/12/2014 12:21:02

XBV00045.VDF    : 8.11.192.110     7680 Bytes  03/12/2014 12:21:03

XBV00046.VDF    : 8.11.192.134     5120 Bytes  03/12/2014 12:21:03

XBV00047.VDF    : 8.11.192.138     9216 Bytes  03/12/2014 12:21:03

XBV00048.VDF    : 8.11.192.140     4608 Bytes  04/12/2014 12:21:03

XBV00049.VDF    : 8.11.192.144     8192 Bytes  04/12/2014 12:21:03

XBV00050.VDF    : 8.11.192.146    20480 Bytes  04/12/2014 12:21:03

XBV00051.VDF    : 8.11.192.148    19456 Bytes  04/12/2014 12:21:04

XBV00052.VDF    : 8.11.192.152    12800 Bytes  04/12/2014 12:21:04

XBV00053.VDF    : 8.11.192.154     5120 Bytes  04/12/2014 12:21:04

XBV00054.VDF    : 8.11.192.158     2048 Bytes  04/12/2014 12:21:04

XBV00055.VDF    : 8.11.192.160     2048 Bytes  04/12/2014 12:21:04

XBV00056.VDF    : 8.11.192.162     2048 Bytes  04/12/2014 12:21:05

XBV00057.VDF    : 8.11.192.166     8192 Bytes  04/12/2014 12:21:05

XBV00058.VDF    : 8.11.192.168     6144 Bytes  05/12/2014 12:21:05

XBV00059.VDF    : 8.11.192.172     6144 Bytes  05/12/2014 12:21:05

XBV00060.VDF    : 8.11.192.236    24064 Bytes  05/12/2014 12:21:05

XBV00061.VDF    : 8.11.192.238     2048 Bytes  05/12/2014 12:21:06

XBV00062.VDF    : 8.11.193.22    11776 Bytes  05/12/2014 12:21:07

XBV00063.VDF    : 8.11.193.42    29696 Bytes  06/12/2014 12:21:07

XBV00064.VDF    : 8.11.193.66    41472 Bytes  06/12/2014 12:21:07

XBV00065.VDF    : 8.11.193.68     2048 Bytes  06/12/2014 12:21:07

XBV00066.VDF    : 8.11.193.70    37888 Bytes  07/12/2014 12:21:07

XBV00067.VDF    : 8.11.193.76    13824 Bytes  07/12/2014 12:21:08

XBV00068.VDF    : 8.11.193.78    31744 Bytes  08/12/2014 12:21:08

XBV00069.VDF    : 8.11.193.98     2048 Bytes  08/12/2014 12:21:08

XBV00070.VDF    : 8.11.193.118     7680 Bytes  08/12/2014 12:21:08

XBV00071.VDF    : 8.11.193.138     3584 Bytes  08/12/2014 12:21:08

XBV00072.VDF    : 8.11.193.158    24064 Bytes  08/12/2014 12:21:09

XBV00073.VDF    : 8.11.193.160     2048 Bytes  08/12/2014 12:21:09

XBV00074.VDF    : 8.11.193.162     2048 Bytes  08/12/2014 12:21:09

XBV00075.VDF    : 8.11.193.168     2560 Bytes  08/12/2014 12:21:09

XBV00076.VDF    : 8.11.193.170     2048 Bytes  08/12/2014 12:21:09

XBV00077.VDF    : 8.11.193.172     2048 Bytes  08/12/2014 12:21:09

XBV00078.VDF    : 8.11.193.174    31232 Bytes  08/12/2014 12:21:10

XBV00079.VDF    : 8.11.193.176     2048 Bytes  08/12/2014 12:21:10

XBV00080.VDF    : 8.11.193.180    14336 Bytes  09/12/2014 12:21:10

XBV00081.VDF    : 8.11.193.184     8192 Bytes  09/12/2014 12:21:10

XBV00082.VDF    : 8.11.193.188    10240 Bytes  09/12/2014 12:21:10

XBV00083.VDF    : 8.11.193.190     4096 Bytes  09/12/2014 12:21:11

XBV00084.VDF    : 8.11.193.192     5120 Bytes  09/12/2014 12:21:11

XBV00085.VDF    : 8.11.193.194     7680 Bytes  09/12/2014 12:21:11

XBV00086.VDF    : 8.11.193.196     9216 Bytes  09/12/2014 12:21:11

XBV00087.VDF    : 8.11.193.198     2048 Bytes  09/12/2014 12:21:11

XBV00088.VDF    : 8.11.193.202    25088 Bytes  09/12/2014 12:21:11

XBV00089.VDF    : 8.11.193.208    63488 Bytes  09/12/2014 12:21:12

XBV00090.VDF    : 8.11.197.100  1426944 Bytes  23/12/2014 12:21:12

XBV00091.VDF    : 8.11.197.116     5120 Bytes  23/12/2014 12:21:12

XBV00092.VDF    : 8.11.197.134    22016 Bytes  23/12/2014 12:21:12

XBV00093.VDF    : 8.11.197.152    21504 Bytes  23/12/2014 12:21:12

XBV00094.VDF    : 8.11.197.154     2048 Bytes  23/12/2014 12:21:12

XBV00095.VDF    : 8.11.197.156    12288 Bytes  23/12/2014 12:21:12

XBV00096.VDF    : 8.11.197.158     8192 Bytes  23/12/2014 12:21:12

XBV00097.VDF    : 8.11.197.160    26112 Bytes  24/12/2014 12:21:12

XBV00098.VDF    : 8.11.197.162     8192 Bytes  24/12/2014 12:21:12

XBV00099.VDF    : 8.11.197.164    20480 Bytes  24/12/2014 12:21:12

XBV00100.VDF    : 8.11.197.166     7680 Bytes  24/12/2014 12:21:12

XBV00101.VDF    : 8.11.197.170    22016 Bytes  24/12/2014 12:21:12

XBV00102.VDF    : 8.11.197.172     6144 Bytes  24/12/2014 12:21:12

XBV00103.VDF    : 8.11.197.174     6144 Bytes  24/12/2014 12:21:12

XBV00104.VDF    : 8.11.197.190    44032 Bytes  25/12/2014 12:21:12

XBV00105.VDF    : 8.11.197.204     2048 Bytes  25/12/2014 12:21:12

XBV00106.VDF    : 8.11.197.218    16896 Bytes  25/12/2014 12:21:12

XBV00107.VDF    : 8.11.197.232     6656 Bytes  25/12/2014 12:21:12

XBV00108.VDF    : 8.11.197.248    94208 Bytes  26/12/2014 12:21:12

XBV00109.VDF    : 8.11.198.6     12288 Bytes  26/12/2014 12:21:12

XBV00110.VDF    : 8.11.198.20    13824 Bytes  26/12/2014 12:21:12

XBV00111.VDF    : 8.11.198.36    10752 Bytes  26/12/2014 12:21:12

XBV00112.VDF    : 8.11.198.38     2048 Bytes  26/12/2014 12:21:12

XBV00113.VDF    : 8.11.198.40     2048 Bytes  26/12/2014 12:21:13

XBV00114.VDF    : 8.11.198.54   108544 Bytes  27/12/2014 12:21:13

XBV00115.VDF    : 8.11.198.56     2048 Bytes  27/12/2014 12:21:13

XBV00116.VDF    : 8.11.198.70    23552 Bytes  27/12/2014 12:21:13

XBV00117.VDF    : 8.11.198.88    94208 Bytes  28/12/2014 12:21:13

XBV00118.VDF    : 8.11.198.100    18432 Bytes  28/12/2014 12:21:13

XBV00119.VDF    : 8.11.198.112    85504 Bytes  29/12/2014 12:21:13

XBV00120.VDF    : 8.11.198.114     2048 Bytes  29/12/2014 12:21:13

XBV00121.VDF    : 8.11.198.126    13824 Bytes  29/12/2014 12:21:13

XBV00122.VDF    : 8.11.198.138     4096 Bytes  29/12/2014 12:21:13

XBV00123.VDF    : 8.11.198.150     9216 Bytes  29/12/2014 12:21:13

XBV00124.VDF    : 8.11.198.162    12288 Bytes  29/12/2014 12:21:13

XBV00125.VDF    : 8.11.198.176    23040 Bytes  29/12/2014 12:21:13

XBV00126.VDF    : 8.11.198.178    12800 Bytes  29/12/2014 12:21:13

XBV00127.VDF    : 8.11.198.180   109056 Bytes  30/12/2014 12:21:13

XBV00128.VDF    : 8.11.198.182     9728 Bytes  30/12/2014 20:55:15

XBV00129.VDF    : 8.11.198.184    11264 Bytes  30/12/2014 20:55:15

XBV00130.VDF    : 8.11.198.186    12800 Bytes  30/12/2014 20:55:15

XBV00131.VDF    : 8.11.198.188     7680 Bytes  30/12/2014 20:55:15

XBV00132.VDF    : 8.11.198.192    14848 Bytes  30/12/2014 20:55:15

LOCAL001.VDF    : 8.11.198.192 118392320 Bytes  30/12/2014 20:55:31

Engine version  : 8.3.28.4  

AEVDF.DLL       : 8.3.1.6       133992 Bytes  24/11/2014 08:23:20

AESCRIPT.DLL    : 8.2.2.40      546728 Bytes  30/12/2014 12:20:58

AESCN.DLL       : 8.3.2.2       139456 Bytes  24/11/2014 08:23:20

AESBX.DLL       : 8.2.20.24    1409224 Bytes  24/11/2014 08:23:20

AERDL.DLL       : 8.2.1.16      743328 Bytes  24/11/2014 08:23:20

AEPACK.DLL      : 8.4.0.56      789360 Bytes  30/12/2014 12:20:58

AEOFFICE.DLL    : 8.3.1.8       350120 Bytes  30/12/2014 12:20:58

AEMOBILE.DLL    : 8.1.2.0       277360 Bytes  30/12/2014 12:21:00

AEHEUR.DLL      : 8.1.4.1454   7940008 Bytes  30/12/2014 12:20:57

AEHELP.DLL      : 8.3.1.0       278728 Bytes  24/11/2014 08:23:20

AEGEN.DLL       : 8.1.7.40      456608 Bytes  30/12/2014 12:20:56

AEEXP.DLL       : 8.4.2.48      252776 Bytes  30/12/2014 12:20:59

AEEMU.DLL       : 8.1.3.4       399264 Bytes  24/11/2014 08:23:20

AEDROID.DLL     : 8.4.3.6       850800 Bytes  30/12/2014 12:20:59

AECORE.DLL      : 8.3.4.0       243624 Bytes  30/12/2014 12:20:56

AEBB.DLL        : 8.1.2.0        60448 Bytes  24/11/2014 08:23:20

AVWINLL.DLL     : 14.0.7.308     25904 Bytes  24/11/2014 08:23:25

AVPREF.DLL      : 14.0.7.308     52016 Bytes  24/11/2014 08:23:23

AVREP.DLL       : 14.0.7.308    220976 Bytes  24/11/2014 08:23:24

AVARKT.DLL      : 14.0.7.308    227632 Bytes  24/11/2014 08:23:21

AVEVTLOG.DLL    : 14.0.7.440    184112 Bytes  24/11/2014 08:23:21

SQLITE3.DLL     : 14.0.7.308    453936 Bytes  24/11/2014 08:23:32

AVSMTP.DLL      : 14.0.7.308     79096 Bytes  24/11/2014 08:23:24

NETNT.DLL       : 14.0.7.308     15152 Bytes  24/11/2014 08:23:29

RCIMAGE.DLL     : 14.0.7.308   4866808 Bytes  24/11/2014 08:23:30

RCTEXT.DLL      : 14.0.7.318     75568 Bytes  24/11/2014 08:23:31

 

Configuration settings for the scan:

Jobname.............................: Manual Selection

Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\folder.avp

Reporting...........................: default

Primary action......................: Interactive

Secondary action....................: Ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:, 

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: Use file extension list

File extensions.....................: +TIB,

Scan archives.......................: on

Limit recursion depth...............: 20

Smart extensions....................: on

Macrovirus heuristic................: on

File heuristic......................: extended

 

Start of the scan: יום רביעי 31 דצמבר 2014  13:42

 

Start scanning boot sectors:

Boot sector 'HDD0(C:, D:)'

    [iNFO]      No virus was found!

 

The scan of running processes will be started:

Scan process 'avscan.exe' - '101' Module(s) have been scanned

Scan process 'IEXPLORE.EXE' - '144' Module(s) have been scanned

Scan process 'IEXPLORE.EXE' - '89' Module(s) have been scanned

Scan process 'OUTLOOK.EXE' - '125' Module(s) have been scanned

Scan process 'nvcplui.exe' - '65' Module(s) have been scanned

Scan process 'msdtc.exe' - '48' Module(s) have been scanned

Scan process 'dllhost.exe' - '70' Module(s) have been scanned

Scan process 'avcenter.exe' - '138' Module(s) have been scanned

Scan process 'Avira.OE.Systray.exe' - '138' Module(s) have been scanned

Scan process 'Avira.OE.ServiceHost.exe' - '135' Module(s) have been scanned

Scan process 'ServiioConsole.exe' - '65' Module(s) have been scanned

Scan process 'DUC20.exe' - '50' Module(s) have been scanned

Scan process 'svchost.exe' - '38' Module(s) have been scanned

Scan process 'alg.exe' - '37' Module(s) have been scanned

Scan process 'WPFFontCache_v0400.exe' - '21' Module(s) have been scanned

Scan process 'SystemExplorerService.exe' - '30' Module(s) have been scanned

Scan process 'wscntfy.exe' - '36' Module(s) have been scanned

Scan process 'avshadow.exe' - '28' Module(s) have been scanned

Scan process 'fxssvc.exe' - '40' Module(s) have been scanned

Scan process 'CALMAIN.exe' - '29' Module(s) have been scanned

Scan process 'syncagentsrv.exe' - '49' Module(s) have been scanned

Scan process 'svchost.exe' - '45' Module(s) have been scanned

Scan process 'ServiioService.exe' - '79' Module(s) have been scanned

Scan process 'ServiioService.exe' - '11' Module(s) have been scanned

Scan process 'locator.exe' - '32' Module(s) have been scanned

Scan process 'RichVideo.exe' - '22' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '45' Module(s) have been scanned

Scan process 'NvNetworkService.exe' - '31' Module(s) have been scanned

Scan process 'NBService.exe' - '48' Module(s) have been scanned

Scan process 'MDM.EXE' - '23' Module(s) have been scanned

Scan process 'jqs.exe' - '35' Module(s) have been scanned

Scan process 'inetinfo.exe' - '50' Module(s) have been scanned

Scan process 'svchost.exe' - '41' Module(s) have been scanned

Scan process 'svchost.exe' - '84' Module(s) have been scanned

Scan process 'avguard.exe' - '116' Module(s) have been scanned

Scan process 'svchost.exe' - '56' Module(s) have been scanned

Scan process 'afcdpsrv.exe' - '30' Module(s) have been scanned

Scan process 'schedul2.exe' - '37' Module(s) have been scanned

Scan process 'NetworkLicenseServer.exe' - '41' Module(s) have been scanned

Scan process 'sched.exe' - '56' Module(s) have been scanned

Scan process 'spoolsv.exe' - '65' Module(s) have been scanned

Scan process 'rundll32.exe' - '44' Module(s) have been scanned

Scan process 'avgnt.exe' - '103' Module(s) have been scanned

Scan process 'ipoint.exe' - '62' Module(s) have been scanned

Scan process 'itype.exe' - '61' Module(s) have been scanned

Scan process 'rundll32.exe' - '49' Module(s) have been scanned

Scan process 'jusched.exe' - '24' Module(s) have been scanned

Scan process 'RunDLL32.exe' - '63' Module(s) have been scanned

Scan process 'RTHDCPL.EXE' - '52' Module(s) have been scanned

Scan process 'NvBackend.exe' - '62' Module(s) have been scanned

Scan process 'ctfmon.exe' - '29' Module(s) have been scanned

Scan process 'brctrcen.exe' - '54' Module(s) have been scanned

Scan process 'SystemExplorer.exe' - '77' Module(s) have been scanned

Scan process 'TibMounterMonitor.exe' - '48' Module(s) have been scanned

Scan process 'schedhlp.exe' - '39' Module(s) have been scanned

Scan process 'nusb3mon.exe' - '42' Module(s) have been scanned

Scan process 'RtkDashClient.exe' - '41' Module(s) have been scanned

Scan process 'TrueImageMonitor.exe' - '84' Module(s) have been scanned

Scan process 'GoogleCrashHandler.exe' - '23' Module(s) have been scanned

Scan process 'Explorer.EXE' - '123' Module(s) have been scanned

Scan process 'svchost.exe' - '36' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'svchost.exe' - '169' Module(s) have been scanned

Scan process 'svchost.exe' - '50' Module(s) have been scanned

Scan process 'svchost.exe' - '61' Module(s) have been scanned

Scan process 'lsass.exe' - '63' Module(s) have been scanned

Scan process 'services.exe' - '33' Module(s) have been scanned

Scan process 'winlogon.exe' - '80' Module(s) have been scanned

Scan process 'csrss.exe' - '16' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

 

Starting to scan executable files (registry):

The registry was scanned ( '8246' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

    [0] Archive type: Portable Executable Resource

    --> id_95

        [1] Archive type: CAB (Microsoft)

      --> resource.dat

          [2] Archive type: OVL

        --> C:\Documents and Settings\אר\Local Settings\temp\jre-7u65-windows-i586-iftw.exe

            [3] Archive type: Runtime Packed

          --> C:\Documents and Settings\אר\Local Settings\temp\jre-7u67-windows-i586-iftw.exe

              [4] Archive type: Runtime Packed

            --> C:\Documents and Settings\אר\Local Settings\temp\jre-7u71-windows-i586-iftw.exe

                [5] Archive type: Runtime Packed

              --> C:\Documents and Settings\אר\My Documents\Downloads\441Israel-ver3-1.apk

                  [6] Archive type: ZIP

                --> classes.dex

                    [DETECTION] Contains code of the ANDROID/AndrAgentG.A virus

                    [WARNING]   Infected files in archives cannot be repaired

C:\Documents and Settings\אר\My Documents\Downloads\441Israel-ver3-1.apk

  [DETECTION] Contains code of the ANDROID/AndrAgentG.A virus

C:\Documents and Settings\אר\My Documents\Downloads\TornTV_Setup (1).exe

  [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen

C:\Documents and Settings\אר\My Documents\Downloads\TornTV_Setup.exe

  [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen

              --> C:\Install\ip-change\ip-change.zip

                  [6] Archive type: ZIP

                --> vins.co.il - .exe

                    [DETECTION] Is the TR/Swisyn.bsgx.1 Trojan

                    [WARNING]   Infected files in archives cannot be repaired

C:\Install\ip-change\ip-change.zip

  [DETECTION] Is the TR/Swisyn.bsgx.1 Trojan

C:\Program Files\exe.js

  [DETECTION] Contains recognition pattern of the VBS/Dldr.Agent.aal VBS script virus

Begin scan in 'D:\'

              --> D:\emule2008\incoming\JavaSetup7u10.exe

                  [6] Archive type: Runtime Packed

                --> D:\emule2008\incoming\JavaSetup7u15.exe

                    [7] Archive type: Runtime Packed

                  --> D:\emule2008\incoming\JavaSetup7u25.exe

                      [8] Archive type: Runtime Packed

                    --> D:\emule2008\incoming\JavaSetup7u45.exe

                        [9] Archive type: Runtime Packed

                      --> D:\emule2008\incoming\JavaSetup7u55.exe

                          [10] Archive type: Runtime Packed

                        --> D:\emule2008\incoming\JavaSetup7u55_2.exe

                            [11] Archive type: Runtime Packed

                          --> D:\emule2008\incoming\JavaSetup7u65.exe

                              [12] Archive type: Runtime Packed

                            --> D:\emule2008\incoming\JavaSetup7u65_2.exe

                                [13] Archive type: Runtime Packed

                              --> D:\emule2008\incoming\rechnung_november_2014_0003900028.zip

                                  [14] Archive type: ZIP

                                --> rechnung_november_2014_0003900028_2014_11_0029302375471_03_444_0039938289.exe

                                    [DETECTION] Is the TR/Dropper.A.33423 Trojan

                                    [WARNING]   Infected files in archives cannot be repaired

D:\emule2008\incoming\rechnung_november_2014_0003900028.zip

  [DETECTION] Is the TR/Dropper.A.33423 Trojan

                              --> D:\emule2008\incoming\Serial Key Downloader.zip

                                  [14] Archive type: ZIP

                                --> Serial Key Downloader/Serial Key Downloader Installer.rar

                                    [15] Archive type: RAR

                                  --> Serial Key Downloader.exe

                                      [16] Archive type: NSIS

                                    --> ProgramFilesDir/ins.dat

                                        [DETECTION] Contains virus patterns of Adware ADWARE/Downware.BE

                                        [WARNING]   Infected files in archives cannot be repaired

D:\emule2008\incoming\Serial Key Downloader.zip

  [DETECTION] Contains virus patterns of Adware ADWARE/Downware.BE

                              --> D:\emule2008\incoming\[威力導演.11.極致版].CyberLink.PowerDirector.Ultra.v11.0.0.2418.Incl.Keymaker-CORE.zip

                                  [14] Archive type: ZIP

                                    [DETECTION] Is the TR/Crypt.XDR.Gen Trojan

                                    [WARNING]   Infected files in archives cannot be repaired

D:\emule2008\incoming\[威力導演.11.極致版].CyberLink.PowerDirector.Ultra.v11.0.0.2418.Incl.Keymaker-CORE.zip

  [DETECTION] Is the TR/Crypt.XDR.Gen Trojan

                              --> D:\Naamat Disks\Drive©\Install\BitTorrent-6.1.2.exe\BitTorrent-6.1.2.exe

                                  [14] Archive type: NSIS

                                --> D:\Naamat Disks\Drive©\Install\e-mule\eMule.0.48a.Razorback3.Next.Generation.v4.2.Mod-Installer.exe

                                    [15] Archive type: NSIS

                                  --> ProgramFilesDir/emule.exe

                                      [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program

                                      [WARNING]   Infected files in archives cannot be repaired

                                  --> ProgramFilesDir/eMule.0.48a.Razorback3.Next.Generation.v4.2.Mod-Binary.(fast.and.xtreme).rar

                                      [16] Archive type: RAR

                                    --> emule.exe

                                        [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program

                                        [WARNING]   Infected files in archives cannot be repaired

D:\Naamat Disks\Drive©\Install\e-mule\eMule.0.48a.Razorback3.Next.Generation.v4.2.Mod-Installer.exe

  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program

                                --> D:\Naamat Disks\Drive©\Install\טכנאי PC\טכנאי פי.סי\טכנאי פי.סי\Audio Video+codec\photomeister.zip

                                    [15] Archive type: ZIP

                                  --> D:\Naamat Disks\Drive©\Install\טכנאי PC\טכנאי פי.סי\טכנאי פי.סי\Audio Video+codec\Cyberlink PowerDVD Pro 6\DXMEDIA.EXE

                                      [16] Archive type: RSRC

                                    --> D:\Naamat Disks\Drive©\Install\טכנאי PC\טכנאי פי.סי\טכנאי פי.סי\כלי ניתור ובדיקה\SmartBuster Setup.exe

                                        [17] Archive type: Inno Setup

                                      --> {app}\SmartBuster.exe

                                          [DETECTION] Is the TR/Crypt.PEPM.Gen Trojan

                                          [WARNING]   Infected files in archives cannot be repaired

D:\Naamat Disks\Drive©\Install\טכנאי PC\טכנאי פי.סי\טכנאי פי.סי\כלי ניתור ובדיקה\SmartBuster Setup.exe

  [DETECTION] Is the TR/Crypt.PEPM.Gen Trojan

D:\NEW C.rar folder\NEW C\Documents and Settings\אריהר\Application Data\Microsoft\Templates\TA.pot

  [DETECTION] Contains recognition pattern of the EXP/PPT.Dropper.Gen exploit

D:\Volume K\System Explorer\cnet_SystemExplorerSetup_352_exe.exe

  [DETECTION] Contains virus patterns of Adware ADWARE/InstallCore.Gen

D:\מחשבישן Arie©\INSTALL\BackupNow\Backup NOW 3.0 Deluxe.exe

  [DETECTION] Contains recognition pattern of the W32/Parite.BadClean.Gen Windows virus

D:\מחשבישן Arie©\INSTALL\QuickTime\dialer.exe

  [DETECTION] Contains recognition pattern of the DIAL/Dialer.Gen dialer

D:\מחשבישן Arie©\INSTALL\QuickTime\movies.exe

  [DETECTION] Contains recognition pattern of the DIAL/Dialer.Gen dialer

D:\מחשבישן Arie©\INSTALL\QuickTime\xxx_kogal.exe

  [DETECTION] Contains recognition pattern of the DIAL/Dialer.Gen dialer

D:\מחשבישן Arie©\INSTALL\מיליונר\mil.exe

  [DETECTION] Is the TR/Rogue.2300751 Trojan

 

Beginning disinfection:

D:\מחשבישן Arie©\INSTALL\מיליונר\mil.exe

  [DETECTION] Is the TR/Rogue.2300751 Trojan

  [NOTE]      The file was moved to the quarantine directory under the name '5150a4cb.qua'!

D:\מחשבישן Arie©\INSTALL\QuickTime\xxx_kogal.exe

  [DETECTION] Contains recognition pattern of the DIAL/Dialer.Gen dialer

  [NOTE]      The file was moved to the quarantine directory under the name '49cb8b7b.qua'!

D:\מחשבישן Arie©\INSTALL\QuickTime\movies.exe

  [DETECTION] Contains recognition pattern of the DIAL/Dialer.Gen dialer

  [NOTE]      The file was moved to the quarantine directory under the name '1b92d18a.qua'!

D:\מחשבישן Arie©\INSTALL\QuickTime\dialer.exe

  [DETECTION] Contains recognition pattern of the DIAL/Dialer.Gen dialer

  [NOTE]      The file was moved to the quarantine directory under the name '7dba9e47.qua'!

D:\מחשבישן Arie©\INSTALL\BackupNow\Backup NOW 3.0 Deluxe.exe

  [DETECTION] Contains recognition pattern of the W32/Parite.BadClean.Gen Windows virus

  [NOTE]      The file was moved to the quarantine directory under the name '383cb341.qua'!

D:\Volume K\System Explorer\cnet_SystemExplorerSetup_352_exe.exe

  [DETECTION] Contains virus patterns of Adware ADWARE/InstallCore.Gen

  [NOTE]      The file was moved to the quarantine directory under the name '47298105.qua'!

D:\NEW C.rar folder\NEW C\Documents and Settings\אריהר\Application Data\Microsoft\Templates\TA.pot

  [DETECTION] Contains recognition pattern of the EXP/PPT.Dropper.Gen exploit

  [NOTE]      The file was moved to the quarantine directory under the name '0a4aad79.qua'!

D:\Naamat Disks\Drive©\Install\טכנאי PC\טכנאי פי.סי\טכנאי פי.סי\כלי ניתור ובדיקה\SmartBuster Setup.exe

  [DETECTION] Is the TR/Crypt.PEPM.Gen Trojan

  [NOTE]      The file was moved to the quarantine directory under the name '7785ed1c.qua'!

D:\Naamat Disks\Drive©\Install\e-mule\eMule.0.48a.Razorback3.Next.Generation.v4.2.Mod-Installer.exe

  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program

  [NOTE]      The file was moved to the quarantine directory under the name '5ac3c277.qua'!

D:\emule2008\incoming\[威力導演.11.極致版].CyberLink.PowerDirector.Ultra.v11.0.0.2418.Incl.Keymaker-CORE.zip

  [DETECTION] Is the TR/Crypt.XDR.Gen Trojan

  [NOTE]      The file was moved to the quarantine directory under the name 'b18da00c.qua'!

D:\emule2008\incoming\Serial Key Downloader.zip

  [DETECTION] Contains virus patterns of Adware ADWARE/Downware.BE

  [NOTE]      The file was moved to the quarantine directory under the name '2ff8d527.qua'!

D:\emule2008\incoming\rechnung_november_2014_0003900028.zip

  [DETECTION] Is the TR/Dropper.A.33423 Trojan

  [NOTE]      The file was moved to the quarantine directory under the name '5e50ecb2.qua'!

C:\Program Files\exe.js

  [DETECTION] Contains recognition pattern of the VBS/Dldr.Agent.aal VBS script virus

  [NOTE]      The file was moved to the quarantine directory under the name '5044dc68.qua'!

C:\Install\ip-change\ip-change.zip

  [DETECTION] Is the TR/Swisyn.bsgx.1 Trojan

  [NOTE]      The file was moved to the quarantine directory under the name '14b5a522.qua'!

C:\Documents and Settings\אר\My Documents\Downloads\TornTV_Setup.exe

  [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen

  [NOTE]      The file was moved to the quarantine directory under the name '1c79a079.qua'!

C:\Documents and Settings\אר\My Documents\Downloads\TornTV_Setup (1).exe

  [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen

  [NOTE]      The file was moved to the quarantine directory under the name '4438b911.qua'!

C:\Documents and Settings\אר\My Documents\Downloads\441Israel-ver3-1.apk

  [DETECTION] Contains code of the ANDROID/AndrAgentG.A virus

  [NOTE]      The file was moved to the quarantine directory under the name '690fc117.qua'!

 

 

End of the scan: יום רביעי 31 דצמבר 2014  15:56

Used time:  2:09:21 Hour(s)

 

The scan has been done completely.

 

  35009 Scanned directories

 946994 Files were scanned

     25 Viruses and/or unwanted programs were found

      0 Files were classified as suspicious

      0 Files were deleted

      0 Viruses and unwanted programs were repaired

     17 Files were moved to quarantine

      0 Files were renamed

      0 Files cannot be scanned

 946969 Files not concerned

  18905 Archives were scanned

      8 Warnings

     17 Notes

[AdvancedSetup]

Please remove the items found and then let me know how the computer is running now and if you're still seeing any signs of an infection or not.

 

Please download Security Check by screen317 from HERE or HERE.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• If you get Unsupported operating system. Aborting now, just reboot and try again.
• A Notepad document should open automatically called checkup.txt.
• Please Post the contents of that document.
• Do Not Attach It!!!