Pop ups-Lower Right

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bikerdan2000, Jul 15, 2012.

  1. bikerdan2000

    bikerdan2000 Private E-2

    I have been getting constant popups on Internet Explorer for about 2 weeks. They usually appear on the lower right of the screen. I ran MS Security Essentials scan, Super antispyware scan, and Malware Bytes scan. Still getting popups. Then, I remembered your page, and did your malware removal sequence. The logs are attached. The hitmanpro log will be on the next post.
     

    Attached Files:

    bikerdan2000, Jul 15, 2012
    #1
  2. bikerdan2000

    bikerdan2000 Private E-2

    The file from hitman pro will not load. If it is needed, I can run the scan again and try to post the log again.

    Thanks
     
    bikerdan2000, Jul 15, 2012
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!
    As stated in the instructions, you need to put it into a ZIP file because XML file types cannot be attachments. You could also rename the file to hitmanpro.txt which will attach.

    I'm looking thru your logs now.
     
    chaslang, Jul 15, 2012
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure the popups are just not from something you installed? Like the below for example:
    CWA Reminder by We-Care.com v4.0.16.3

    Uninstall it and see if it uninstalls and the popups go away.

    Who put the below into your hosts file? And why are you looping them back to Cogent Communications and SingleHop ?
    O1 - Hosts: 149.5.18.173 www.google-analytics.com.
    O1 - Hosts: 149.5.18.173 ad-emea.doubleclick.net.
    O1 - Hosts: 149.5.18.173 www.statcounter.com.
    O1 - Hosts: 108.163.215.51 www.google-analytics.com.
    O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    O1 - Hosts: 108.163.215.51 www.statcounter.com.
     
    chaslang, Jul 15, 2012
    #4
  5. bikerdan2000

    bikerdan2000 Private E-2

    Sorry, I tried to attach the wrong file.
     

    Attached Files:

    bikerdan2000, Jul 15, 2012
    #5
  6. bikerdan2000

    bikerdan2000 Private E-2

    Do not know the answer to either question. This is my wife's computer, and I do not know everything she does with it. I did the uninstall you mentioned, and it did not help.
     
    bikerdan2000, Jul 15, 2012
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What exactly do the popups say/show? This may not be malware.

    Ask your wife about the hosts file changes?
     
    chaslang, Jul 17, 2012
    #7
  8. bikerdan2000

    bikerdan2000 Private E-2

    The pop ups only happen when using Internet Explorer 8. They appear in the lower right of the screen, and offer something that relates to whatever the web page refers to. When you close the pop up, and smaller box remains that says "Recommended for you". Since yesterday, there has been a lot of browser redirection to totally unrelated sites.
     
    bikerdan2000, Jul 18, 2012
    #8
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Right click on HostsXpert.exe and select Run As Administrator.
    • Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).
    • Click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program
    Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop. (If running Vista or Win7 right-click and select Run as Administrator)
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All"
    • Copy the text in the code box below and paste it into the Customs Scans/Fixes text-field.
      Code:
      active
netsvcs
/md5start
afd.sys
atapi.sys
csrss.exe
dhcpcsvc.dll
explorer.exe
lsass.exe
nsiproxy.sys
regedit.exe
services.exe
svchost.exe
tcpip.sys
tdx.sys
userinit.exe
winlogon.exe
/md5stop
%systemdrive%\*.*
%systemdrive%\MGtools\*.*
%systemroot%\*. /mp /s
%systemroot%\system32\*.sys /90
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%windir%\assembly\GAC\*.ini
%windir%\assembly\GAC_MSIL\*.ini
%windir%\assembly\gac_32\*.ini
%windir%\assembly\gac_64\*.ini
%windir%\assembly\temp\*.ini
%windir%\assembly\tmp\u /s
%allusersprofile%\application data\*.exe
hklm\system\currentcontrolset\services\dhcp
hklm\system\currentcontrolset\services\afd
hklm\system\currentcontrolset\services\tdx
hklm\system\currentcontrolset\services\tcpip
hklm\system\currentcontrolset\services\nsiproxy
hklm\software\microsoft\windows\currentversion\run
hklm\software\microsoft\windows\currentversion\runonce
    • Now click the Run Scan button.
    • Two reports will be created:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Attach both OTL.txt and Extras.txt to your next message. (See how to attach)
     
    chaslang, Jul 20, 2012
    #9
  10. bikerdan2000

    bikerdan2000 Private E-2

    I am attaching the files from the scan. The OTL file was too large to attach as a singe file, so I split it into two. However, after following the two proceedures you described in your last post, I have not seen any pop-ups. It is too soon to declare a total fix, but I am hopeful at this point.

    If this turns out to be a done deal, consider me a satisfied customer. I will post my thanks again after a few pop up free days.
     

    Attached Files:

    bikerdan2000, Jul 20, 2012
    #10
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We have another fix to run.


    Now shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    • Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    • Copy the text in the code box below and paste it into the [​IMG] text-field.
    Code:
    :OTL
IE - HKU\S-1-5-21-3873205688-1349257848-976956145-1003\..\SearchScopes,DefaultScope = {CDC31931-2BF5-445E-A87B-3A5DDEAD7748}
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3873205688-1349257848-976956145-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:517DBC32
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:8F067037
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:1A5822A3
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:4AA2F6A9
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:F860DBFD
@Alternate Data Stream - 258 bytes -> C:\ProgramData\TEMP:D987CB43
@Alternate Data Stream - 256 bytes -> C:\ProgramData\TEMP:E8B61305
@Alternate Data Stream - 255 bytes -> C:\ProgramData\TEMP:E40AB54F
@Alternate Data Stream - 255 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 253 bytes -> C:\ProgramData\TEMP:31C9BA96
@Alternate Data Stream - 246 bytes -> C:\ProgramData\TEMP:922DA2DB
@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:4EE95FE7
@Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:DC7EDF41
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:7A632F57
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:C0BCE04B
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:8AE92FD3
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:67310058
@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:7BFAAE70
@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:762408BA
@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:FD11E093
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:ECF3C50F
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:D6D084A5
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:BACD3198
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:3B454A5C
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:0ED1C542
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:FC70A22A
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:B54E4B5A
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:90C320E1
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:124B94C0
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:46CBC45C
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:BF6A2C54
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:3EC5BC08
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:24C072FF
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:1E17A249
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:491270B8
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:28CCFEFB
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:A9BED2F8
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:F30026CF
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:8B79243A
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:2CBD8CCE
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:B6E58523
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:EC769091
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:7BFFC6A9
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:53F09A92
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:5133A494
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:2A874675
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:F7581CE6
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:BECA50FF
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:A6E01F67
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:A10E88DE
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:9D06FB9C
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:97AAB7F2
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:6757F885
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:43CBFAB2
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:3BC173E4
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:1A8854EC
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:F5B51004
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DE3ABE3D
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:A819A132
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:9C7A32BB
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:6CF828C2
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:28DFF83F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:217A2324
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1CD511E5
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FBA79096
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C356A185
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C0A9B815
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:94A31742
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:689E7F7D
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:66FC2E6F
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:6294B369
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:404908B5
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3A7527E8
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:397D67BA
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:30E0D641
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:1CDEDE11
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0696EC8E
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:025DF3DE
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:FD7DCDA6
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:EAF3ADF5
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E8C44CB4
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E6B95E40
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D9F34335
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:C7F08EA3
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:9C732DB0
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:6EE8565A
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:6DDFD746
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3FB26DBA
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:2AF04C69
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:9812B773
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:96F8F8AB
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:6896CCCE
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:28D92DA8
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:FB71A279
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:F2B81C2E
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:F193BFCF
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:F13867C6
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:ED0B32CA
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DD6F157A
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CBAB74CB
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C4CB6EA6
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C49A5AD1
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:A6F30843
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:A39BC668
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9968F0E2
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:952245B1
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:79875988
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:6B7447D4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:65B8AF94
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5D40B34A
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:597254A1
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:512E1728
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:4A8EB1C4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0785072C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F9689B72
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:EBCF5924
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D026A5A4
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:B38BEEEE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AED4A2B7
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AE8FDB48
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AB3339EF
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AA0017FD
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:A9562832
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:94874C0A
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:71B89F61
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:70BDB805
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:6A9CA6CB
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:5E8C18F1
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:57B374AB
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:54F0BBF5
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:18B5F839
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:183A9046
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F7FFE8AF
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F6A0889A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F5B99CA4
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F3A27FDE
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F301EDA7
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:DE875C30
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C8207070
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C178954A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:B3A5945E
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:B2112128
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:98CD9221
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:85376176
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:75CC0165
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:531FD739
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:512336B9
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4EFA2FC7
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4D729D61
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4A01545C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:436BE28C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:32EA849C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2D133896
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:1604D047
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:13019F4B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:1234ADAE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:E7729B98
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D47B19A6
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:B1786630
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:AAA06E15
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9C6014C6
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:99B20AD0
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:823606DE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:80253E8D
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:7C8AA9A6
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:77B64C59
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:5FD35242
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:5C5F2761
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:553056F1
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:2775F9E2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:25F31665
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:041ED421
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:00258EE7
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:EFF3C3C8
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:9C337CCE
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6D5A15BF
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6212DF7A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5FC043A8
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:587F3582
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5520ED93
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:4D551822
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:48D3CC24
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:363E775E
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:300E36AB
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:1B389835
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:18A6D2CC
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:160ADF0B
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0ACF1AF5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0652249D
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:012BC84F
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:FBE5FDB9
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E6708F08
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E369983A
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:C946EBB2
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:C7C3B621
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:C78DADEA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:C5DC2B0C
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B88DC997
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:AA0BC725
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A5948878
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8855A119
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:874ADA37
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:852F2262
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:67CF910D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:5DB36C47
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:43ECEA33
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:34445512
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:319D783D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:2E3F04BC
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:24C89EFC
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:16A4620C
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:12258D63
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F19A4790
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E32D2701
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E153075C
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:D7B7645F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:D4BB0AD6
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:D3A89E47
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:CAE3AE67
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:C6104C4F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:B6D84F71
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:AABECEFB
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A6D6E537
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:9338F136
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8E11CC80
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:62AF94A0
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:58481C6F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:53BA2DF6
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:517EFA90
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3D4B733E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3969ACF7
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3086B95F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:29F0CA7D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:27A88EF2
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:17EB5BAE
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:021496FB
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F7401CCF
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F41FEB14
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:EB4FEEF5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:E9645B80
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:E6C6EB3B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:E6BEADB7
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:DF5ABA3D
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:DEE46C4E
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D7D0B4AF
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:CD6DF7CC
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C370B84F
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:BE0654D6
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B3C7433B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A8185163
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A0921B2C
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:99F8C0E6
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:9720EBEF
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:8204AA35
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:8075370B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:8029E75F
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:754E278B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6E65510A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:51E66512
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:4C71A42B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:34C443B4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:02CC0035
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F610C203
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:EE2DD6CC
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C4A88D6B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C36D0DFD
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:BD34FFC5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:88E8CC2E
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:86B7FDDB
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7BB20DE8
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:627153F1
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:54380FEC
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4C31986D
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2AD33723
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:1E942FB9
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:0EC7A545
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:076D8ED2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:06EAFA0B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:00D99749
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FF717A18
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FDEE14AC
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:F5D01D7C
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:EB2D2CC5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E894A3ED
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E0888117
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:DB76C881
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C3A047E3
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C37283B5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:BEE39E9B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A9223B61
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A88BE334
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A71DCB33
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A6F28514
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A42FABF7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:9491C9C7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:78696BCD
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:71AEFFEB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:6EA64886
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:697DDE2B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:628C9914
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4EC7F009
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:39EDBD33
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:33B04540
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2B40A7DB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:1E87A273
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:120B3AFD
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:F68CB1A4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:EFE7D3C9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:ED2D63E4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:DF19F127
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C2F24DB5
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:B285A50E
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:AB03533D
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A8ADEA55
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:9FD757A9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:678C1866
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4F852702
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4DDE401B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2F70C0B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2B856118
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0F64164E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:EDDBC69E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:EB68CA55
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:DBC3D477
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:D4558A0B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:9BB8C675
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:89CC3B44
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:7BE5BAAB
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:7ADB695A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:702A7F20
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5A9F1AE5
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:518C333F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:329BA65B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:302ECBD6
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2C86E2AD
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1C201DEB
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:151760F0
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:F26F5952
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EF38B79C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E8AEB2BF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E5496666
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:C0893153
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:BE6B5FC3
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B65280E9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:943971F5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:937C8022
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:934CA750
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:91244A8F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:884C7316
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:7EABF26C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:7DC5D762
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:6ECE93A8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:6AF6BB0E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:67D43EFA
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:51E83E25
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4AC7B5C1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:2E636DD9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:2ABB51D4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:23834E1E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:19474103
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:114C90CA
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:04B1A0AC
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:FFC3922F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F94BD29B
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F663BB74
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:E3615992
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:D115F6E4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:CB16385F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A9056F42
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9DBE6481
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8B47C602
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:864881BF
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:78DEA3A4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6F0C95A1
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:62AC0CCE
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5B4686D7
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:56FBA78D
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4E79C4F8
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4C6F9D77
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:3C4BD225
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:35501BA4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:26499772
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:2077FAC7
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:18A25CF1
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:14B2E0BD
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:1095ECE1
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:EFBD4447
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:BEACE4C8
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B86642C5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B4258C5D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B1381B34
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B0456F0C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A798AA1A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:93B68122
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:905BCB57
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:87A3A233
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:74B9EA7F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:68A41423
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5FD26EF3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:58E38390
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5164A01F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4A906D4A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:19636FDD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:14D29229
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0FE0A03C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:04A18F36
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:F9F58B80
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E4E83517
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DDF112BD
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A76A1B1B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8A459C3C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8836A712
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:795F6DEC
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6447E3B5
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:60F3D3BE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3D922890
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:27974442
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:152FD00E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E402E439
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:CBAF0C30
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A163121A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8FC1A8C4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:880F0FEF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:834DD57E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:774C075A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:658DE22A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:53B8C5D2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:3DB6F365
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:398EFF0F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2F474C84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2F1D743F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2636DE16
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:140AD176
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0DE96CF5
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0A74923C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FB4262DE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:F72306CC
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:DA378DD8
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D72D7897
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9C3AAD57
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9C2BD975
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6BFA43EB
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6A0A47E7
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:65C4D44A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:65137F0D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:639BB5E9
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:5DD4100E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:5511B474
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:48862C37
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:384AA0FD
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0BBF232A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:092BD83A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:FFD58FFB
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:FD6D11C9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D999FFD5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B190BE3A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B0A727D1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:ADAD2FFE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9290C91C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4CD3F344
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2F141B68
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2B9146DE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2043337E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:12D21A9A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0988A428
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E4EE99EF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E4C064D9
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D39B2133
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D07517E1
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CC141B05
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:BD0A043E
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:AFB89C92
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9EE6560D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:79059537
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:769BB147
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5A2E8BBF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:52C24010
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:386B39C3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1416AAA6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:F56BE392
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D9592966
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CDCDE97C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B139DDF3
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A6D89509
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A4E7D25F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9E05DEB0
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:961B84C5
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:6ED8B881
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:51A20D23
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3E200C29
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:2B9555D8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:26A148EB
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:18E3BAF3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F142DBA9
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D3331ADB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:CFA8C6E3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:CB8C8B5D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C186F20B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B79964F6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:AE289451
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:AD020DC3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AED9359
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:80A7A4A5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7ADCE5D2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:710768C7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6401C7FF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:5ECEFF17
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4EEC7800
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:45912F61
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4244811A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2AF322BF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2211E7A0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:1709732A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:14A1BBE3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:07CBFAD5
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F8AC0D6D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F5E8CAE0
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:EE198B1F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D9656460
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:BEF18713
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:BB718C46
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B6E6C4EA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A8DFD30C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:9603033A
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:6DD124E2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:40DA0795
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:32B8CA06
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2D2461E7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2CC32B31
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0F4FC8CD
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0C13C008
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FCBEDCFD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F21CB906
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F1C8B957
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E21433CE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DB2748F7
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CF391C0F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CA23BCFD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C900B47A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C48905F4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:BF640EE5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:BDD83DC4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:BBC9C1EB
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B3196E8D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:AD2DB2F9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:96372A73
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:94BD36A2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:84C34762
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:59846E5E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:59465B40
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2DF54B62
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2652902F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:244E4E3A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:20EB6823
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1DB77A89
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:16F4BC64
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:164561C8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:13CDB0E0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:11590865
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:06A0D93C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:FB08C210
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F135A76C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:EDE28CFC
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:DC0B1070
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C30487EE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B779C113
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AECF4772
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9195103F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:902C848D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8BE8BFCD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:7BBC3CCD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:72A1B66A
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:58CC14E0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:391535F9
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:2727F067
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:1D6B18F1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:1A15E356
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F001F3C1
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E40D7F76
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:DA5888A7
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D696AA12
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CA1AFE85
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C7857F06
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C4288847
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B8791731
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B36361EE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A5241382
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9F3CEEE6
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8E3E8227
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8BE7A048
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7D04F8E2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:71A89A93
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:689AB7E9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5BB7898D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3CAE2A70
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2979C892
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:1B90AAB4
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:104A718B
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:084612C9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:072CBE6D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F89F2593
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:E690114B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6E2D80C8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:4C3D5A8B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:474022C7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:220C42CA
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:1E2D49E0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E83EE313
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4CA05B44
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:E6CDFB4A
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:82529191
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:63210866
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:34EFF1F2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CB96B16
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:12383CAE
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:109734F6
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DBEF355E
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DB4C77AD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:8B4C1181
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:5CE65446
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:46283136
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:378824DE
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:2C250258
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:224B562C
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:207C4C79
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:18DEBC51
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0919E696
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:02F30776
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:F36BFA23
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:BFE54417
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:95079543
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:927EC486
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:73AFBB96
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:65684E14
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:CAC06C34
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:BCFEA004
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:AE75CCC8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:A5CD91DF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:A4241298
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:75798D9A
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:5E73E1C2
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:5A15BCD4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4E71004E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4C35C064
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2F8138B7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:070D9534
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:03A039A3
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3595B780
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:95198126
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F7061E5F
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:8AB2162E
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:E9B2C525
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:0C988F7D
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:07D64CD9
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:AFC732F7
[PURITY]
[EMPTYTEMP] 
[EMPTYFLASH]
[REBOOT]
    • Now click the [​IMG] button.
    • If the fix needed a reboot please do it.
    • Click the OK button (upon reboot).
    • When OTL is finished, Notepad will open. Close Notepad.
    • A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    • Attach this log to your next message. (See: How to attach)
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the log from OTL
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    chaslang, Jul 20, 2012
    #11
  12. bikerdan2000

    bikerdan2000 Private E-2

    I did the copy and paste as stated, but when I click the "RUN FIX" button, all I get is "Not responding".
     
    bikerdan2000, Jul 20, 2012
    #12
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please reboot into safe boot mode and try the fix.
     
    chaslang, Jul 20, 2012
    #13
  14. bikerdan2000

    bikerdan2000 Private E-2

    We have seen no pop ups since the last post.

    Can you tell me what happened, and what might have caused it?

    The MGLog is attached. The OTL Moved folder has 5 files in it, I guess because I had to try multiple times to run it, but all empty and would not attach.

    Many thanks for your help in this.
     

    Attached Files:

    bikerdan2000, Jul 21, 2012
    #14
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You mean since the fixes in message # 9? If so then I have to think that resetting the hosts file removed it.

    Let's run one more shorter scan with OTL.

    • Right click on the OTL icon on your desktop and select Run as Administrator
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All"
    • Copy the text in the code box below and paste it into the Customs Scans/Fixes text-field.
      Code:
      active
netsvcs
%systemdrive%\*.*
%systemroot%\*. /mp /s
    • Now click the Run Scan button.
    • Two reports will be created:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Attach both OTL.txt and Extras.txt to your next message. (See how to attach)
     
    chaslang, Jul 21, 2012
    #15
  16. bikerdan2000

    bikerdan2000 Private E-2

    OTL file was open after the scan, but cannot find the extra file. The only one available is from yesterday.
     

    Attached Files:

    bikerdan2000, Jul 22, 2012
    #16
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay there are still a bunch of Alternate Data Streams to remove. Since the fix failed to run properly last time, we will try fewer items in the fix. We will likely have to repeat this a few time assuming we get it to run. Boot in safe mode to run the below.


    Now shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    • Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    • Copy the text in the code box below and paste it into the [​IMG] text-field.
    Code:
    :OTL
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:517DBC32
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:8F067037
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:1A5822A3
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:4AA2F6A9
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:F860DBFD
@Alternate Data Stream - 258 bytes -> C:\ProgramData\TEMP:D987CB43
@Alternate Data Stream - 256 bytes -> C:\ProgramData\TEMP:E8B61305
@Alternate Data Stream - 255 bytes -> C:\ProgramData\TEMP:E40AB54F
@Alternate Data Stream - 255 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 253 bytes -> C:\ProgramData\TEMP:31C9BA96
@Alternate Data Stream - 246 bytes -> C:\ProgramData\TEMP:922DA2DB
@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:4EE95FE7
@Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:DC7EDF41
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:7A632F57
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:C0BCE04B
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:8AE92FD3
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:67310058
@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:7BFAAE70
@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:762408BA
@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:FD11E093
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:ECF3C50F
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:D6D084A5
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:BACD3198
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:3B454A5C
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:0ED1C542
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:FC70A22A
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:B54E4B5A
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:90C320E1
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:124B94C0
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:46CBC45C
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:BF6A2C54
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:3EC5BC08
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:24C072FF
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:1E17A249
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:491270B8
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:28CCFEFB
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:A9BED2F8
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:F30026CF
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:8B79243A
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:2CBD8CCE
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:B6E58523
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:EC769091
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:7BFFC6A9
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:5133A494
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:2A874675
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:F7581CE6
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:BECA50FF
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:A6E01F67
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:A10E88DE
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:9D06FB9C
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:97AAB7F2
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:6757F885
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:43CBFAB2
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:3BC173E4
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:1A8854EC
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:F5B51004
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DE3ABE3D
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:A819A132
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:9C7A32BB
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:6CF828C2
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:28DFF83F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:217A2324
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1CD511E5
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FBA79096
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C356A185
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C0A9B815
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:94A31742
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:689E7F7D
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:66FC2E6F
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:6294B369
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:404908B5
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3A7527E8
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:397D67BA
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:30E0D641
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:1CDEDE11
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0696EC8E
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:025DF3DE
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:FD7DCDA6
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:EAF3ADF5
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E8C44CB4
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E6B95E40
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D9F34335
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:C7F08EA3
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:9C732DB0
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:6EE8565A
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:6DDFD746
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3FB26DBA
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:2AF04C69
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:9812B773
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:96F8F8AB
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:6896CCCE
:Commands
[PURITY]
[EMPTYTEMP] 
[EMPTYFLASH]
[REBOOT]
    • Now click the [​IMG] button.
    • If the fix needed a reboot please do it.
    • Click the OK button (upon reboot).
    • When OTL is finished, Notepad will open. Close Notepad.
    • A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    • Attach this log to your next message. (See: How to attach)

    Then attach the below logs:
    • the log from OTL
     
    chaslang, Jul 23, 2012
    #17
  18. bikerdan2000

    bikerdan2000 Private E-2

    It seemed to run well this time. Log file is attached.
     

    Attached Files:

    bikerdan2000, Jul 27, 2012
    #18
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then let's see if we can now finish removing the rest of the Alternate Data Streams.


    Now shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    • Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    • Copy the text in the code box below and paste it into the [​IMG] text-field.
    Code:
    :OTL
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:53F09A92
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:28D92DA8
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:FB71A279
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:F2B81C2E
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:F193BFCF
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:F13867C6
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:ED0B32CA
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DD6F157A
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CBAB74CB
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C4CB6EA6
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C49A5AD1
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:A6F30843
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:A39BC668
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9968F0E2
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:952245B1
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:79875988
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:6B7447D4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:65B8AF94
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5D40B34A
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:597254A1
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:512E1728
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:4A8EB1C4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0785072C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F9689B72
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:EBCF5924
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D026A5A4
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:B38BEEEE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AED4A2B7
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AE8FDB48
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AB3339EF
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AA0017FD
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:A9562832
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:94874C0A
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:71B89F61
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:70BDB805
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:6A9CA6CB
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:5E8C18F1
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:57B374AB
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:54F0BBF5
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:18B5F839
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:183A9046
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F7FFE8AF
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F6A0889A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F5B99CA4
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F3A27FDE
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F301EDA7
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:DE875C30
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C8207070
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C178954A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:B3A5945E
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:B2112128
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:98CD9221
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:85376176
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:75CC0165
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:531FD739
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:512336B9
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4EFA2FC7
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4D729D61
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4A01545C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:436BE28C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:32EA849C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2D133896
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:1604D047
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:13019F4B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:1234ADAE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:E7729B98
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D47B19A6
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:B1786630
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:AAA06E15
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9C6014C6
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:99B20AD0
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:823606DE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:80253E8D
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:7C8AA9A6
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:77B64C59
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:5FD35242
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:5C5F2761
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:553056F1
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:2775F9E2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:25F31665
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:041ED421
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:00258EE7
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:EFF3C3C8
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:9C337CCE
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6D5A15BF
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6212DF7A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5FC043A8
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:587F3582
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5520ED93
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:4D551822
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:48D3CC24
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:363E775E
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:300E36AB
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:1B389835
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:18A6D2CC
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:160ADF0B
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0ACF1AF5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0652249D
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:012BC84F
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:FBE5FDB9
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E6708F08
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E369983A
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:C946EBB2
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:C7C3B621
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:C78DADEA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:C5DC2B0C
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B88DC997
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:AA0BC725
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A5948878
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8855A119
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:874ADA37
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:852F2262
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:67CF910D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:5DB36C47
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:43ECEA33
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:34445512
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:319D783D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:2E3F04BC
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:24C89EFC
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:16A4620C
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:12258D63
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F19A4790
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E32D2701
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E153075C
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:D7B7645F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:D4BB0AD6
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:D3A89E47
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:CAE3AE67
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:C6104C4F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:B6D84F71
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:AABECEFB
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A6D6E537
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:9338F136
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8E11CC80
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:62AF94A0
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:58481C6F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:53BA2DF6
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:517EFA90
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3D4B733E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3969ACF7
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3086B95F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:29F0CA7D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:27A88EF2
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:17EB5BAE
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:021496FB
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F7401CCF
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F41FEB14
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:EB4FEEF5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:E9645B80
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:E6C6EB3B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:E6BEADB7
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:DF5ABA3D
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:DEE46C4E
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D7D0B4AF
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:CD6DF7CC
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C370B84F
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:BE0654D6
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B3C7433B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A8185163
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A0921B2C
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:99F8C0E6
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:9720EBEF
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:8204AA35
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:8075370B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:8029E75F
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:754E278B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6E65510A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:51E66512
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:4C71A42B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:34C443B4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:02CC0035
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F610C203
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:EE2DD6CC
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C4A88D6B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C36D0DFD
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:BD34FFC5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:88E8CC2E
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:86B7FDDB
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7BB20DE8
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:627153F1
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:54380FEC
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4C31986D
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2AD33723
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:1E942FB9
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:0EC7A545
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:076D8ED2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:06EAFA0B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:00D99749
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FF717A18
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FDEE14AC
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:F5D01D7C
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:EB2D2CC5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E894A3ED
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E0888117
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:DB76C881
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C3A047E3
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C37283B5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:BEE39E9B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A9223B61
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A88BE334
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A71DCB33
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A6F28514
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A42FABF7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:9491C9C7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:78696BCD
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:71AEFFEB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:6EA64886
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:697DDE2B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:628C9914
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4EC7F009
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:39EDBD33
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:33B04540
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2B40A7DB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:1E87A273
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:120B3AFD
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:F68CB1A4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:EFE7D3C9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:ED2D63E4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:DF19F127
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C2F24DB5
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:B285A50E
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:AB03533D
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A8ADEA55
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:9FD757A9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:678C1866
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4F852702
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4DDE401B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2F70C0B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2B856118
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0F64164E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:EDDBC69E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:EB68CA55
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:DBC3D477
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:D4558A0B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:9BB8C675
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:89CC3B44
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:7BE5BAAB
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:7ADB695A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:702A7F20
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5A9F1AE5
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:518C333F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:329BA65B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:302ECBD6
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2C86E2AD
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1C201DEB
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:151760F0
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:F26F5952
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EF38B79C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E8AEB2BF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E5496666
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:C0893153
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:BE6B5FC3
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B65280E9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:943971F5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:937C8022
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:934CA750
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:91244A8F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:884C7316
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:7EABF26C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:7DC5D762
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:6ECE93A8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:6AF6BB0E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:67D43EFA
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:51E83E25
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4AC7B5C1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:2E636DD9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:2ABB51D4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:23834E1E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:19474103
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:114C90CA
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:04B1A0AC
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:FFC3922F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F94BD29B
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F663BB74
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:E3615992
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:D115F6E4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:CB16385F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A9056F42
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9DBE6481
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8B47C602
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:864881BF
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:78DEA3A4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6F0C95A1
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:62AC0CCE
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5B4686D7
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:56FBA78D
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4E79C4F8
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4C6F9D77
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:3C4BD225
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:35501BA4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:26499772
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:2077FAC7
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:18A25CF1
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:14B2E0BD
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:1095ECE1
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:EFBD4447
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:BEACE4C8
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B86642C5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B4258C5D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B1381B34
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B0456F0C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A798AA1A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:93B68122
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:905BCB57
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:87A3A233
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:74B9EA7F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:68A41423
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5FD26EF3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:58E38390
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5164A01F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4A906D4A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:19636FDD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:14D29229
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0FE0A03C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:04A18F36
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:F9F58B80
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E4E83517
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DDF112BD
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A76A1B1B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8A459C3C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8836A712
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6447E3B5
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:60F3D3BE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3D922890
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:27974442
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:152FD00E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E402E439
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:CBAF0C30
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A163121A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8FC1A8C4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:880F0FEF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:834DD57E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:774C075A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:658DE22A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:53B8C5D2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:3DB6F365
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:398EFF0F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2F474C84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2F1D743F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2636DE16
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:140AD176
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0DE96CF5
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0A74923C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FB4262DE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:F72306CC
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:DA378DD8
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D72D7897
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9C3AAD57
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9C2BD975
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:795F6DEC
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6BFA43EB
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6A0A47E7
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:65C4D44A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:65137F0D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:639BB5E9
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:5DD4100E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:5511B474
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:48862C37
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:384AA0FD
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0BBF232A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:092BD83A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:FFD58FFB
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:FD6D11C9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D999FFD5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B190BE3A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B0A727D1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:ADAD2FFE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9290C91C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4CD3F344
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2F141B68
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2B9146DE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2043337E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:12D21A9A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0988A428
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E4EE99EF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E4C064D9
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D39B2133
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D07517E1
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CC141B05
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:BD0A043E
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:AFB89C92
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9EE6560D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:79059537
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:769BB147
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5A2E8BBF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:52C24010
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:386B39C3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1416AAA6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:F56BE392
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D9592966
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CDCDE97C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B139DDF3
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A6D89509
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A4E7D25F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9E05DEB0
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:961B84C5
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:6ED8B881
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:51A20D23
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3E200C29
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:2B9555D8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:26A148EB
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:18E3BAF3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F142DBA9
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D3331ADB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:CFA8C6E3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:CB8C8B5D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C186F20B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B79964F6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:AE289451
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:AD020DC3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AED9359
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:80A7A4A5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7ADCE5D2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:710768C7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6401C7FF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:5ECEFF17
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4EEC7800
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:45912F61
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4244811A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2AF322BF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2211E7A0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:1709732A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:14A1BBE3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:07CBFAD5
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F8AC0D6D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F5E8CAE0
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:EE198B1F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D9656460
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:BEF18713
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:BB718C46
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B6E6C4EA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A8DFD30C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:9603033A
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:6DD124E2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:40DA0795
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:32B8CA06
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2D2461E7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2CC32B31
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0F4FC8CD
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0C13C008
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FCBEDCFD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F21CB906
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F1C8B957
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E21433CE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DB2748F7
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CF391C0F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CA23BCFD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C900B47A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C48905F4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:BF640EE5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:BDD83DC4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:BBC9C1EB
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B3196E8D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:AD2DB2F9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:96372A73
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:94BD36A2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:84C34762
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:59846E5E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:59465B40
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2DF54B62
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2652902F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:244E4E3A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:20EB6823
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1DB77A89
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:16F4BC64
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:164561C8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:13CDB0E0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:11590865
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:06A0D93C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:FB08C210
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F135A76C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:EDE28CFC
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:DC0B1070
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C30487EE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B779C113
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AECF4772
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9195103F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:902C848D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8BE8BFCD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:7BBC3CCD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:72A1B66A
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:58CC14E0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:391535F9
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:2727F067
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:1D6B18F1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:1A15E356
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F001F3C1
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E40D7F76
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:DA5888A7
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D696AA12
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CA1AFE85
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C7857F06
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C4288847
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B8791731
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B36361EE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A5241382
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9F3CEEE6
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8E3E8227
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8BE7A048
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7D04F8E2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:71A89A93
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:689AB7E9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5BB7898D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3CAE2A70
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2979C892
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:1B90AAB4
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:104A718B
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:084612C9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:072CBE6D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F89F2593
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:E690114B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6E2D80C8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:4C3D5A8B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:474022C7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:220C42CA
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:1E2D49E0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E83EE313
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4CA05B44
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:E6CDFB4A
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:82529191
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:63210866
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:34EFF1F2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CB96B16
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:12383CAE
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:109734F6
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DBEF355E
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DB4C77AD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:8B4C1181
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:5CE65446
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:46283136
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:378824DE
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:2C250258
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:224B562C
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:207C4C79
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:18DEBC51
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0919E696
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:02F30776
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:F36BFA23
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:BFE54417
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:95079543
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:927EC486
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:73AFBB96
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:65684E14
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:CAC06C34
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:BCFEA004
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:AE75CCC8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:A5CD91DF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:A4241298
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:75798D9A
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:5E73E1C2
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:5A15BCD4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4E71004E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4C35C064
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2F8138B7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:070D9534
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:03A039A3
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3595B780
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:95198126
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F7061E5F
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:8AB2162E
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:E9B2C525
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:0C988F7D
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:07D64CD9
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:AFC732F7
:Commands
[PURITY]
[EMPTYTEMP] 
[EMPTYFLASH]
[REBOOT]
    • Now click the [​IMG] button.
    • If the fix needed a reboot please do it.
    • Click the OK button (upon reboot).
    • When OTL is finished, Notepad will open. Close Notepad.
    • A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    • Attach this log to your next message. (See: How to attach)
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the log from OTL
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    chaslang, Jul 29, 2012
    #19
  20. bikerdan2000

    bikerdan2000 Private E-2

    I have not seen a pop up since I reported that they were gone. When I ran the OTL fix, I forgot to turn off the AV. It seemed to run ok anyway. I did turn it off before I ran the MGtools.
     

    Attached Files:

    bikerdan2000, Jul 29, 2012
    #20
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Press and hold the Windows key [​IMG] and then press the letter R on your keyboard. This opens the Run dialog box.
      • Copy and paste the below into the Run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
    chaslang, Jul 30, 2012
    #21

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds