Sign in to follow this  
Followers 0
ramjet696

Infected with "Best Virus Protection" malware

55 posts in this topic

Hello,

My computer got infected with Best Virus Protection malware and have run all my spyware and malwarebytes and can't get rid of this virus that keeps popping up on my screen.

Can you please help

Thanks in advance.

Share this post


Link to post
Share on other sites

Hello ramjet696! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictlya and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Let me see:

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update" tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

Follow the instructions to generate DDS log file:

http://forums.malwarebytes.org/index.php?showtopic=9573

In your next post, please include:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file with Attach.txt

Share this post


Link to post
Share on other sites

ok

Thank you very much Maniac for your help.

I'm at work now but will run Malwarebytes' and get a DDS log and post it in my next reply when I get home.

Should I just run a quick scan or normal scan on my C drive, and should I do this in safe mode?

This bug has also disabled my internet capabilities, but I think I now know how to fix that.

Share this post


Link to post
Share on other sites
Should I just run a quick scan or normal scan on my C drive, and should I do this in safe mode?

You should perform a quick scan in Normal mode.

This bug has also disabled my internet capabilities, but I think I now know how to fix that.

If you have problems, just skip the step for update.

Share this post


Link to post
Share on other sites

Maniac,

I was able to get on the internet and update Malwarebytes, Ran Malwarebytes scan, and downloaded DDS software. Ran DDS. Attached is the Malwarebytes log scan and DDS log file with Attach.txt in zip files.

Seems like I was able to delete the Best Virus Protection but.....

Please review and let me know what to do next.

Thank you very much for your help

attach.rar

dds.rar

mbam-log-2012-03-08 (20-06-28).rar

Share this post


Link to post
Share on other sites

Please follow my instructions:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Share this post


Link to post
Share on other sites

I tried that but they were too large and I got an error message.

Share this post


Link to post
Share on other sites

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 6/15/2007 2:26:17 AM

System Uptime: 3/8/2012 10:07:12 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0U7077

Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 134 GiB total, 67.721 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is FIXED (NTFS) - 466 GiB total, 465.573 GiB free.

G: is Removable

H: is FIXED (NTFS) - 98 GiB total, 87.921 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP319: 1/24/2012 2:37:36 PM - System Checkpoint

RP320: 1/25/2012 3:25:40 PM - System Checkpoint

RP321: 1/26/2012 3:28:36 PM - System Checkpoint

RP322: 1/27/2012 4:08:41 PM - System Checkpoint

RP323: 1/28/2012 9:47:52 PM - System Checkpoint

RP324: 1/29/2012 10:29:25 PM - System Checkpoint

RP325: 1/30/2012 11:29:24 PM - System Checkpoint

RP326: 2/1/2012 12:09:55 AM - System Checkpoint

RP327: 2/3/2012 10:05:27 PM - System Checkpoint

RP328: 2/4/2012 11:03:25 PM - System Checkpoint

RP329: 2/5/2012 11:42:17 PM - System Checkpoint

RP330: 2/7/2012 4:51:19 AM - System Checkpoint

RP331: 2/8/2012 5:29:07 AM - System Checkpoint

RP332: 2/9/2012 6:29:07 AM - System Checkpoint

RP333: 2/10/2012 7:29:06 AM - System Checkpoint

RP334: 2/11/2012 8:29:06 AM - System Checkpoint

RP335: 2/12/2012 9:41:37 AM - System Checkpoint

RP336: 2/14/2012 2:40:51 PM - System Checkpoint

RP337: 2/15/2012 2:51:05 PM - System Checkpoint

RP338: 2/15/2012 8:16:17 PM - Software Distribution Service 3.0

RP339: 2/17/2012 10:34:56 AM - System Checkpoint

RP340: 2/18/2012 11:23:32 AM - System Checkpoint

RP341: 2/19/2012 11:30:56 AM - System Checkpoint

RP342: 2/20/2012 12:04:20 PM - System Checkpoint

RP343: 2/21/2012 12:15:09 PM - System Checkpoint

RP344: 2/22/2012 12:33:35 PM - System Checkpoint

RP345: 2/23/2012 6:29:13 AM - Printer Driver FoxTab PDF Virtual Printer Installed

RP346: 2/24/2012 7:21:01 AM - System Checkpoint

RP347: 2/25/2012 7:25:54 AM - System Checkpoint

RP348: 2/26/2012 8:08:29 AM - System Checkpoint

RP349: 2/27/2012 9:52:38 PM - System Checkpoint

RP350: 2/28/2012 1:36:27 AM - Removed Ask Toolbar.

RP351: 2/28/2012 1:38:21 AM - Removed Bing Bar

RP352: 2/28/2012 1:41:10 AM - Removed Bonjour

RP353: 2/28/2012 1:45:39 AM - Removed IHA_MessageCenter

RP354: 2/28/2012 1:47:01 AM - Removed iSEEK AnswerWorks English Runtime

RP355: 2/28/2012 1:48:46 AM - Removed MobileMe Control Panel

RP356: 2/29/2012 2:21:48 AM - System Checkpoint

RP357: 2/29/2012 11:13:43 PM - Installed TurboTax 2011 wrapper

RP358: 3/1/2012 8:32:48 PM - Software Distribution Service 3.0

RP359: 3/1/2012 11:51:25 PM - Software Distribution Service 3.0

RP360: 3/3/2012 12:34:59 AM - System Checkpoint

RP361: 3/5/2012 12:25:12 AM - System Checkpoint

RP362: 3/6/2012 1:19:30 AM - System Checkpoint

RP363: 3/7/2012 2:31:39 AM - System Checkpoint

RP364: 3/8/2012 6:54:46 PM - System Checkpoint

.

==== Installed Programs ======================

.

.

Adobe AIR

Adobe Download Manager

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Control Panel

ATI Display Driver

B44Inst

Broadcom 440x Driver Installer

Canon i550

CCleaner

CDBurnerXP

Creative MediaSource

Critical Update for Windows Media Player 11 (KB959772)

Dell ResourceCD

DellConnect

DIGOpt

DivX Plus DirectShow Filters

DivX Setup

Download Manager

EASEUS Partition Master 8.0.1 Home Edition

FrostWire 5.2.3

Garmin City Navigator North America NT 2008

Garmin Communicator Plugin

Garmin MapSource

Garmin Trip and Waypoint Manager v4

Garmin USB Drivers

Garmin WebUpdater

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® 537EP V9x DF PCI Modem

InterActual Player

IrfanView (remove only)

iTunes

Java Auto Updater

Java 6 Update 24

Junk Mail filter update

Lame ACM MP3 Codec

Malwarebytes Anti-Malware version 1.60.1.1000

McAfee Security Scan Plus

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 SR-1 Standard

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Modem Helper

MSN

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 and SOAP Toolkit 3.0

MSXML 4.0 SP2 Parser and SDK

NVIDIA Drivers

PlayBryte

QuickTime

RealPlayer

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2586448)

Security Update for Windows Internet Explorer 7 (KB2618444)

Security Update for Windows Internet Explorer 7 (KB2647516)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 8 (KB917734)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Sound Blaster Live! 24-bit

Spybot - Search & Destroy

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wpaiper

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wpaiper

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.6195

Verizon Online Help and Support

VLC media player 0.9.2

Vz In Home Agent

WebFldrs XP

Webroot SecureAnywhere

Windows Backup Utility

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell 1.0

Windows XP Service Pack 3

WinRAR archiver

WinZip 14.0

Xvid 1.1.3 final uninstall

.

==== Event Viewer Messages From Past Week ========

.

3/8/2012 9:43:25 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

3/8/2012 7:47:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm OMCI

3/8/2012 7:24:03 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

3/8/2012 6:54:03 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

3/8/2012 6:38:48 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

3/7/2012 7:03:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip

3/7/2012 7:03:11 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

3/7/2012 7:03:11 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/7/2012 7:03:11 PM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/7/2012 7:03:11 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/7/2012 7:03:11 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/7/2012 7:03:11 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

3/7/2012 7:03:11 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/7/2012 7:02:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

3/7/2012 7:02:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/7/2012 12:54:50 AM, error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

3/6/2012 11:38:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: OMCI

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.11

Run by RAF at 22:11:23 on 2012-03-08

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1015 [GMT -5:00]

.

AV: Best Virus Protection *Enabled/Updated* {347B0A39-53CB-42D8-8C1C-5B550F86455B}

AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}

FW: Best Virus Protection *Enabled*

.

============== Running Processes ===============

.

C:\Program Files\Webroot\WRSA.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Webroot\WRSA.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\RAF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://msn.com/

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {66616350-A70C-4FF5-912E-A92B8076F6F7} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Download Manager: {e5c66dd8-308b-4a4f-af0a-3d04f25b5343} - mscoree.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\documents and settings\raf\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [updReg] "c:\windows\UpdReg.EXE"

mRun: [CTSysVol] "c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe" /r

mRun: [P17Helper] "c:\windows\system32\rundll32.exe" P17.dll,P17Helper

mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"

mRun: [soundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [iBryte playbryte Desktop] c:\program files\ibryte\playbryte\ibrytedesktop.exe

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

uPolicies-explorer: NoWindowsUpdate = 0 (0x0)

uPolicies-explorer: DisallowRun = 1 (0x1)

uPolicies-system: NoDispAppearancePage = 0 (0x0)

uPolicies-system: NoDispSettingsPage = 0 (0x0)

mPolicies-explorer: NoViewOnDrive = 0 (0x0)

mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

mPolicies-explorer: NoWindowsUpdate = 0 (0x0)

mPolicies-system: NoDispAppearancePage = 0 (0x0)

mPolicies-system: NoDispSettingsPage = 0 (0x0)

dPolicies-explorer: NoViewOnDrive = 0 (0x0)

dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

dPolicies-explorer: NoWindowsUpdate = 0 (0x0)

dPolicies-system: NoDispAppearancePage = 0 (0x0)

dPolicies-system: NoDispSettingsPage = 0 (0x0)

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: intuit.com\ttlc

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182322514203

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{85373B2D-CAFC-40DD-86DD-3594093B2276} : DhcpNameServer = 10.0.0.1

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

IFEO: image file execution options - svchost.exe

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2011-11-12 109520]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-12-20 54760]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2011-11-12 656384]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-8-3 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-8-3 8456]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-7-16 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*

.

=============== Created Last 30 ================

.

2012-03-07 00:16:11 -------- d-sh--w- c:\documents and settings\raf\application data\Best Virus Protection

2012-03-07 00:16:10 -------- d-sh--w- c:\documents and settings\all users\application data\BVBJUP

2012-03-07 00:14:07 -------- d-sh--w- c:\documents and settings\all users\application data\a1fd50

2012-03-07 00:14:03 -------- d-----w- C:\c3b93d

2012-02-25 21:43:10 54016 ----a-w- c:\windows\system32\drivers\kbdwx.sys

2012-02-25 08:19:05 -------- d-----w- c:\documents and settings\raf\application data\alotappbar

2012-02-25 08:19:04 -------- d-----w- c:\program files\alotappbar

2012-02-25 08:17:43 -------- d-----w- c:\program files\Download Manager

2012-02-25 08:16:54 -------- d-----w- c:\documents and settings\raf\local settings\application data\DownloadManager

2012-02-25 08:15:17 -------- d-----w- c:\program files\iBryte

2012-02-25 08:15:09 -------- d-----w- c:\documents and settings\raf\local settings\application data\iBryte

2012-02-23 11:29:05 98304 ----a-w- c:\windows\system32\redmonnt.dll

2012-02-23 11:28:59 -------- d-----w- c:\program files\FoxTabPDFConverter

2012-02-23 04:46:51 109520 ----a-w- c:\windows\system32\drivers\aBLwsKmJ.sys

2012-02-16 00:56:41 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-16 00:56:41 3072 ------w- c:\windows\system32\iacenc.dll

.

==================== Find3M ====================

.

2012-03-07 14:53:54 145528 ----a-w- c:\windows\system32\WRusr.dll

2012-03-07 14:53:54 109520 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2012-02-28 06:44:00 260 ----a-w- c:\windows\system32\cmdVBS.vbs

2012-02-28 06:44:00 256 ----a-w- c:\windows\system32\MSIevent.bat

2012-02-01 06:24:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-19 08:13:37 832512 ----a-w- c:\windows\system32\wininet.dll

2011-12-19 08:13:37 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-19 08:13:36 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-12-19 08:13:36 17408 ------w- c:\windows\system32\corpol.dll

2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 22:15:38.60 ===============

Share this post


Link to post
Share on other sites

Here's 1st half of Malware log

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.08.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.11

RAF :: ROGER [limited]

3/8/2012 8:06:28 PM

mbam-log-2012-03-08 (20-06-28).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 197585

Time elapsed: 1 hour(s), 49 minute(s), 21 second(s)

Memory Processes Detected: 1

C:\Documents and Settings\All Users\Application Data\a1fd50\BVa1f_8039.exe (Rogue.AntimalwarePCSafety) -> 3016 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 760

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe (Security.Hijack) -> Quarantined and deleted successfully.

Share this post


Link to post
Share on other sites

last half of Malwarebytes log

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfwsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OcHealthMon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLT.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winss.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinSSUI.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Detected: 32

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Best Virus Protection (Rogue.AntimalwarePCSafety) -> Data: "C:\Documents and Settings\All Users\Application Data\a1fd50\BVa1f_8039.exe" /s /d -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|0 (Security.Hijack) -> Data: msseces.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|1 (Security.Hijack) -> Data: MSASCui.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|2 (Security.Hijack) -> Data: ekrn.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|3 (Security.Hijack) -> Data: egui.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|4 (Security.Hijack) -> Data: avgnt.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|5 (Security.Hijack) -> Data: avcenter.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|6 (Security.Hijack) -> Data: avscan.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|7 (Security.Hijack) -> Data: avgfrw.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|8 (Security.Hijack) -> Data: avgui.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|9 (Security.Hijack) -> Data: avgtray.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|10 (Security.Hijack) -> Data: avgscanx.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|11 (Security.Hijack) -> Data: avgcfgex.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|12 (Security.Hijack) -> Data: avgemc.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|13 (Security.Hijack) -> Data: avgchsvx.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|14 (Security.Hijack) -> Data: avgcmgr.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|15 (Security.Hijack) -> Data: avgwdsvc.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdreinit.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdtkexec.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiscan.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrepl.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe|Debugger (Security.Hijack) -> Data: svchost.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1

HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=8039&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 5

C:\Documents and Settings\All Users\Application Data\a1fd50\BVa1f_8039.exe (Rogue.AntimalwarePCSafety) -> Delete on reboot.

C:\Documents and Settings\RAF\Desktop\Best Virus Protection.lnk (Rogue.BestVirusProtection) -> Quarantined and deleted successfully.

C:\Documents and Settings\RAF\Application Data\Microsoft\Internet Explorer\Quick Launch\Best Virus Protection.lnk (Rogue.BestVirusProtection) -> Quarantined and deleted successfully.

C:\Documents and Settings\RAF\Start Menu\Programs\Best Virus Protection.lnk (Rogue.BestVirusProtection) -> Quarantined and deleted successfully.

C:\Documents and Settings\RAF\Start Menu\Best Virus Protection.lnk (Rogue.BestVirusProtection) -> Quarantined and deleted successfully.

(end)

Share this post


Link to post
Share on other sites

Here's an invaluable advice on Malwarebytes' Anti-Malware: Any time before scanning for malware, no matter what type of scan, create a habit to check for new updates. This is important because only a few minutes, hour or day can be added to a solution to your problem in the Malwarebytes' Anti-Malware. Especially this type of malware - rogue applications, receive updates every minute and every day, so we do the same against them.

Step 1

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Please uninstall the following application: FrostWire 5.2.3 . It is against our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update" tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

Share this post


Link to post
Share on other sites

Maniac, Attached is my Malwarebytes' Anti-Malware log for 3-13-12 and DDS log

I deleted FrostWire 5.2.3

Thanks for your help

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

4/15/2010 8:12:13 PM

mbam-log-2010-04-15 (20-12-13).txt

Scan type: Full scan (C:\|F:\|G:\|H:\|I:\|)

Objects scanned: 180824

Time elapsed: 44 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 2

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\RAF\Local Settings\Temp\rocmensxaw.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

DDS log next

Share this post


Link to post
Share on other sites

Maniac,

DDS log below

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.11

Run by RAF at 1:17:20 on 2012-03-13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.973 [GMT -4:00]

.

AV: Best Virus Protection *Enabled/Updated* {347B0A39-53CB-42D8-8C1C-5B550F86455B}

AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}

FW: Best Virus Protection *Enabled*

.

============== Running Processes ===============

.

C:\Program Files\Webroot\WRSA.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Webroot\WRSA.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://msn.com/

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: {66616350-A70C-4FF5-912E-A92B8076F6F7} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Download Manager: {e5c66dd8-308b-4a4f-af0a-3d04f25b5343} - mscoree.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\documents and settings\raf\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [updReg] "c:\windows\UpdReg.EXE"

mRun: [CTSysVol] "c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe" /r

mRun: [P17Helper] "c:\windows\system32\rundll32.exe" P17.dll,P17Helper

mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"

mRun: [soundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [iBryte playbryte Desktop] c:\program files\ibryte\playbryte\ibrytedesktop.exe

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

uPolicies-explorer: NoWindowsUpdate = 0 (0x0)

uPolicies-explorer: DisallowRun = 1 (0x1)

uPolicies-system: NoDispAppearancePage = 0 (0x0)

uPolicies-system: NoDispSettingsPage = 0 (0x0)

mPolicies-explorer: NoViewOnDrive = 0 (0x0)

mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

mPolicies-explorer: NoWindowsUpdate = 0 (0x0)

mPolicies-system: NoDispAppearancePage = 0 (0x0)

mPolicies-system: NoDispSettingsPage = 0 (0x0)

dPolicies-explorer: NoViewOnDrive = 0 (0x0)

dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

dPolicies-explorer: NoWindowsUpdate = 0 (0x0)

dPolicies-system: NoDispAppearancePage = 0 (0x0)

dPolicies-system: NoDispSettingsPage = 0 (0x0)

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

Trusted Zone: intuit.com\ttlc

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182322514203

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{85373B2D-CAFC-40DD-86DD-3594093B2276} : DhcpNameServer = 10.0.0.1

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

IFEO: image file execution options - svchost.exe

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2011-11-12 109584]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-12-20 54760]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2011-11-12 659032]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-13 40776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-8-3 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-8-3 8456]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-7-16 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*

.

=============== Created Last 30 ================

.

2012-03-13 05:01:24 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-03-07 00:16:11 -------- d-sh--w- c:\documents and settings\raf\application data\Best Virus Protection

2012-03-07 00:16:10 -------- d-sh--w- c:\documents and settings\all users\application data\BVBJUP

2012-03-07 00:14:07 -------- d-sh--w- c:\documents and settings\all users\application data\a1fd50

2012-03-07 00:14:03 -------- d-----w- C:\c3b93d

2012-02-25 21:43:10 54016 ----a-w- c:\windows\system32\drivers\kbdwx.sys

2012-02-25 08:19:05 -------- d-----w- c:\documents and settings\raf\application data\alotappbar

2012-02-25 08:19:04 -------- d-----w- c:\program files\alotappbar

2012-02-25 08:17:43 -------- d-----w- c:\program files\Download Manager

2012-02-25 08:16:54 -------- d-----w- c:\documents and settings\raf\local settings\application data\DownloadManager

2012-02-25 08:15:17 -------- d-----w- c:\program files\iBryte

2012-02-25 08:15:09 -------- d-----w- c:\documents and settings\raf\local settings\application data\iBryte

2012-02-23 11:29:05 98304 ----a-w- c:\windows\system32\redmonnt.dll

2012-02-23 11:28:59 -------- d-----w- c:\program files\FoxTabPDFConverter

2012-02-23 04:46:51 109520 ----a-w- c:\windows\system32\drivers\aBLwsKmJ.sys

2012-02-16 00:56:41 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-16 00:56:41 3072 ------w- c:\windows\system32\iacenc.dll

.

==================== Find3M ====================

.

2012-03-12 05:21:49 145592 ----a-w- c:\windows\system32\WRusr.dll

2012-03-12 05:21:49 109584 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2012-02-28 06:44:00 260 ----a-w- c:\windows\system32\cmdVBS.vbs

2012-02-28 06:44:00 256 ----a-w- c:\windows\system32\MSIevent.bat

2012-02-01 06:24:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-19 08:13:37 832512 ----a-w- c:\windows\system32\wininet.dll

2011-12-19 08:13:37 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-19 08:13:36 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-12-19 08:13:36 17408 ------w- c:\windows\system32\corpol.dll

.

============= FINISH: 1:18:22.42 ===============

Share this post


Link to post
Share on other sites
Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3930

Your program version is very old, your database version is very old. Why have not updated Malwarebytes' Anti-Malware as I advised you? Please follow my instructions, if not I we couldn't proceed.

Uninstall your Malwarebytes' Anti-Malware and next, download the latest version from here:

http://www.malwarebytes.org/mbam-download.php

Next, repeat the instructions from step 3.

Share this post


Link to post
Share on other sites

I did update, but will download latest version as requested and will post results.

Thanks

Share this post


Link to post
Share on other sites

Maniac,

DDS log File

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.11

Run by RAF at 20:50:14 on 2012-03-14

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.738 [GMT -4:00]

.

AV: Best Virus Protection *Enabled/Updated* {347B0A39-53CB-42D8-8C1C-5B550F86455B}

AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}

FW: Best Virus Protection *Enabled*

.

============== Running Processes ===============

.

C:\Program Files\Webroot\WRSA.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Webroot\WRSA.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\notepad.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://msn.com/

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: {66616350-A70C-4FF5-912E-A92B8076F6F7} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Download Manager: {e5c66dd8-308b-4a4f-af0a-3d04f25b5343} - mscoree.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\documents and settings\raf\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [updReg] "c:\windows\UpdReg.EXE"

mRun: [CTSysVol] "c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe" /r

mRun: [P17Helper] "c:\windows\system32\rundll32.exe" P17.dll,P17Helper

mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"

mRun: [soundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [iBryte playbryte Desktop] c:\program files\ibryte\playbryte\ibrytedesktop.exe

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

uPolicies-explorer: NoWindowsUpdate = 0 (0x0)

uPolicies-explorer: DisallowRun = 1 (0x1)

uPolicies-system: NoDispAppearancePage = 0 (0x0)

uPolicies-system: NoDispSettingsPage = 0 (0x0)

mPolicies-explorer: NoViewOnDrive = 0 (0x0)

mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

mPolicies-explorer: NoWindowsUpdate = 0 (0x0)

mPolicies-system: NoDispAppearancePage = 0 (0x0)

mPolicies-system: NoDispSettingsPage = 0 (0x0)

dPolicies-explorer: NoViewOnDrive = 0 (0x0)

dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

dPolicies-explorer: NoWindowsUpdate = 0 (0x0)

dPolicies-system: NoDispAppearancePage = 0 (0x0)

dPolicies-system: NoDispSettingsPage = 0 (0x0)

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

Trusted Zone: intuit.com\ttlc

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182322514203

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{85373B2D-CAFC-40DD-86DD-3594093B2276} : DhcpNameServer = 10.0.0.1

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

IFEO: image file execution options - svchost.exe

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2011-11-12 109584]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-12-20 54760]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2011-11-12 659032]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-14 40776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-8-3 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-8-3 8456]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-7-16 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*

.

=============== Created Last 30 ================

.

2012-03-15 00:24:01 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-03-15 00:23:53 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-07 00:16:11 -------- d-sh--w- c:\documents and settings\raf\application data\Best Virus Protection

2012-03-07 00:16:10 -------- d-sh--w- c:\documents and settings\all users\application data\BVBJUP

2012-03-07 00:14:07 -------- d-sh--w- c:\documents and settings\all users\application data\a1fd50

2012-03-07 00:14:03 -------- d-----w- C:\c3b93d

2012-02-25 21:43:10 54016 ----a-w- c:\windows\system32\drivers\kbdwx.sys

2012-02-25 08:19:05 -------- d-----w- c:\documents and settings\raf\application data\alotappbar

2012-02-25 08:19:04 -------- d-----w- c:\program files\alotappbar

2012-02-25 08:17:43 -------- d-----w- c:\program files\Download Manager

2012-02-25 08:16:54 -------- d-----w- c:\documents and settings\raf\local settings\application data\DownloadManager

2012-02-25 08:15:17 -------- d-----w- c:\program files\iBryte

2012-02-25 08:15:09 -------- d-----w- c:\documents and settings\raf\local settings\application data\iBryte

2012-02-23 11:29:05 98304 ----a-w- c:\windows\system32\redmonnt.dll

2012-02-23 11:28:59 -------- d-----w- c:\program files\FoxTabPDFConverter

2012-02-23 04:46:51 109520 ----a-w- c:\windows\system32\drivers\aBLwsKmJ.sys

2012-02-16 00:56:41 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-16 00:56:41 3072 ------w- c:\windows\system32\iacenc.dll

.

==================== Find3M ====================

.

2012-03-12 05:21:49 145592 ----a-w- c:\windows\system32\WRusr.dll

2012-03-12 05:21:49 109584 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2012-02-28 06:44:00 260 ----a-w- c:\windows\system32\cmdVBS.vbs

2012-02-28 06:44:00 256 ----a-w- c:\windows\system32\MSIevent.bat

2012-02-01 06:24:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-19 08:13:37 832512 ----a-w- c:\windows\system32\wininet.dll

2011-12-19 08:13:37 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-19 08:13:36 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-12-19 08:13:36 17408 ------w- c:\windows\system32\corpol.dll

.

============= FINISH: 20:51:28.01 ===============

Malwarebytes mbam log file

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.14.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.11

RAF :: ROGER [administrator]

3/14/2012 8:39:01 PM

mbam-log-2012-03-14 (20-39-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 200368

Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

Now looks better. :)

The problem is that this one is still undetectable.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Share this post


Link to post
Share on other sites

Maniac,

Here's my Combofix Log

I think I'm still infected.

Thank you for asll your help.

ComboFix 12-03-17.01 - RAF 03/19/2012 0:17.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1138 [GMT -4:00]

Running from: c:\documents and settings\RAF\Desktop\ComboFix.exe

AV: Best Virus Protection *Enabled/Updated* {347B0A39-53CB-42D8-8C1C-5B550F86455B}

AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}

FW: Best Virus Protection *Enabled* {3568E5E8-1E11-49F5-9B25-73AEF0ABA473}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\a1fd50

c:\documents and settings\All Users\Application Data\a1fd50\676.mof

c:\documents and settings\All Users\Application Data\a1fd50\BVP.ico

c:\documents and settings\RAF\Application Data\Best Virus Protection

c:\documents and settings\RAF\Application Data\Best Virus Protection\Instructions.ini

c:\documents and settings\RAF\Desktop\Search.lnk

c:\documents and settings\RAF\GoToAssistDownloadHelper.exe

c:\documents and settings\RAF\WINDOWS

c:\windows\$NtUninstallKB27292$\2567633826

c:\windows\$NtUninstallKB27292$\2720975026\@

c:\windows\$NtUninstallKB27292$\2720975026\cfg.ini

c:\windows\$NtUninstallKB27292$\2720975026\Desktop.ini

c:\windows\$NtUninstallKB27292$\2720975026\L\cmafmbxw

c:\windows\$NtUninstallKB27292$\2720975026\U\00000001.@

c:\windows\$NtUninstallKB27292$\2720975026\U\00000002.@

c:\windows\$NtUninstallKB27292$\2720975026\U\00000004.@

c:\windows\$NtUninstallKB27292$\2720975026\U\80000000.@

c:\windows\$NtUninstallKB27292$\2720975026\U\80000004.@

c:\windows\$NtUninstallKB27292$\2720975026\U\80000032.@

c:\windows\$NtUninstallKB27292$\2720975026\version

c:\windows\system32\ati2mpaa.dll

c:\windows\system32\dds_trash_log.cmd

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\msnphoto.scr

c:\windows\system32\NxNetMon.dll

.

Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected

Restored copy from - The cat found it :)

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_mfeapfk

-------\Legacy_SrvcSSIOMngr

-------\Service_mfeapfk

-------\Service_SrvcSSIOMngr

.

.

((((((((((((((((((((((((( Files Created from 2012-02-19 to 2012-03-19 )))))))))))))))))))))))))))))))

.

.

2012-03-19 04:15 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-03-15 18:21 . 2012-03-15 18:21 -------- d-----w- c:\program files\Conduit

2012-03-15 18:21 . 2012-03-18 18:26 -------- d-----w- c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl

2012-03-15 18:18 . 2012-03-15 18:18 -------- d-----w- c:\program files\uTorrent

2012-03-15 00:23 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-07 00:16 . 2012-03-07 00:16 -------- d-sh--w- c:\documents and settings\All Users\Application Data\BVBJUP

2012-03-07 00:14 . 2012-03-07 00:14 -------- d-----w- C:\c3b93d

2012-03-01 04:01 . 2012-03-01 04:01 -------- d-----w- c:\program files\Microsoft.NET

2012-02-25 21:43 . 2012-02-25 21:43 54016 ----a-w- c:\windows\system32\drivers\kbdwx.sys

2012-02-25 08:19 . 2012-02-25 08:20 -------- d-----w- c:\documents and settings\RAF\Application Data\alotappbar

2012-02-25 08:19 . 2012-02-25 08:19 -------- d-----w- c:\program files\alotappbar

2012-02-25 08:17 . 2012-02-25 08:17 -------- d-----w- c:\program files\Download Manager

2012-02-25 08:16 . 2012-02-25 08:18 -------- d-----w- c:\documents and settings\RAF\Local Settings\Application Data\DownloadManager

2012-02-25 08:15 . 2012-02-28 06:51 -------- d-----w- c:\program files\iBryte

2012-02-25 08:15 . 2012-02-25 08:15 -------- d-----w- c:\documents and settings\RAF\Local Settings\Application Data\iBryte

2012-02-23 11:29 . 2007-08-21 18:32 98304 ----a-w- c:\windows\system32\redmonnt.dll

2012-02-23 11:28 . 2012-02-23 11:29 -------- d-----w- c:\program files\FoxTabPDFConverter

2012-02-23 04:46 . 2012-02-23 04:46 109520 ----a-w- c:\windows\system32\drivers\aBLwsKmJ.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-18 18:15 . 2011-11-13 03:48 146040 ----a-w- c:\windows\system32\WRusr.dll

2012-03-16 14:20 . 2011-11-13 03:48 109520 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2012-02-28 06:44 . 2011-09-27 05:13 260 ----a-w- c:\windows\system32\cmdVBS.vbs

2012-02-28 06:44 . 2011-09-27 05:13 256 ----a-w- c:\windows\system32\MSIevent.bat

2012-02-03 09:22 . 2003-07-16 20:51 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-02-01 06:24 . 2011-10-05 03:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-11 19:06 . 2012-02-16 00:56 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2007-06-15 06:20 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]

2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9df9360-97f8-4690-afe6-996c80790da4}]

2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{E9DF9360-97F8-4690-AFE6-996C80790DA4}"= "c:\program files\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-06 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"P17Helper"="P17.dll" [2005-05-03 64512]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-03-11 936960]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-03-16 658968]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-11-06 08:02 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-05-12 15:11 198160 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

.

R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [11/12/2011 11:48 PM 109520]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]

R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [11/12/2011 11:48 PM 658968]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 5:52 PM 135664]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/3/2011 9:18 PM 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/3/2011 9:18 PM 8456]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 5:52 PM 135664]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 11:11 AM 10664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 4:47 PM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

NETw4v32

SNPSTD3

vpcbus

mfeapfk

SrvcSSIOMngr

backupexecalertserver

cpntsrv

DritekPortIO

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:52]

.

2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:52]

.

2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-152049171-839522115-1004Core.job

- c:\documents and settings\RAF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-22 16:40]

.

2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-152049171-839522115-1004UA.job

- c:\documents and settings\RAF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-22 16:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://msn.com/

uInternet Settings,ProxyOverride = <local>

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 10.0.0.1

.

.

------- File Associations -------

.

JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{66616350-A70C-4FF5-912E-A92B8076F6F7} - (no file)

BHO-{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-iBryte playbryte Desktop - c:\program files\iBryte\playbryte\ibrytedesktop.exe

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

AddRemove-TurboTax 2009 - h:\program files\TurboTax\Installer\TurboTax 2009 Installer.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-19 00:31

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\$NtUninstallKB27292$:SummaryInformation 0 bytes hidden from API

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3112)

c:\windows\system32\WRusr.dll

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\System32\CTsvcCDA.EXE

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\System32\MsPMSPSv.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2012-03-19 00:35:32 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-19 04:35

ComboFix2.txt 2011-02-01 04:03

.

Pre-Run: 72,149,749,760 bytes free

Post-Run: 72,458,657,792 bytes free

.

- - End Of File - - 6D6D9C2B049EF59CE3899D45AC5843C5

Share this post


Link to post
Share on other sites

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

SecCenter::
AV: Best Virus Protection *Enabled/Updated* {347B0A39-53CB-42D8-8C1C-5B550F86455B}
FW: Best Virus Protection *Enabled* {3568E5E8-1E11-49F5-9B25-73AEF0ABA473}

Folder::
c:\program files\Conduit
c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl
c:\program files\uTorrent

DirLook::
c:\documents and settings\All Users\Application Data\BVBJUP
C:\c3b93d
c:\documents and settings\RAF\Application Data\alotappbar
c:\program files\alotappbar

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9df9360-97f8-4690-afe6-996c80790da4}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9df9360-97f8-4690-afe6-996c80790da4}"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9DF9360-97F8-4690-AFE6-996C80790DA4}"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-

[-HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9df9360-97f8-4690-afe6-996c80790da4}]
[-HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
[-HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Share this post


Link to post
Share on other sites

Maniac,

Here's the Combofix log you requested

ComboFix 12-03-17.01 - RAF 03/19/2012 21:37:08.4.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1140 [GMT -4:00]

Running from: c:\documents and settings\RAF\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\RAF\Desktop\CFScript.txt

AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_54_307_CT3072254_images_634511206111048063_20PX_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_54_307_CT3072254_Images_634517239059729568_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_bankimages_iconsGallery_16_5731583029485547084_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_MarketPlace_a0_18b_a09e6985-3574-4fcd-b796-975649aae18b_Thumbnail_45x45_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_MarketPlace_cc_704_cc8aceb9-fb96-4894-b4b6-78b5fb004704_Thumbnail_634503449712298469_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_MarketPlace_d2_909_d2d47f0a-2c1d-48a1-8dba-fdebac043909_Appearance_634211716261212501_24x24_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\AddedAppDialog\app-added.js

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\AddedAppDialog\main.html

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\DefualtImages\icon.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\DetectedAppDialog\app-2go.js

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\DetectedAppDialog\main.html

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\DialogsAPI.js

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\EngineFirstTimeDialog\main.html

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\EngineFirstTimeDialog\right-click.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\excanvas.js

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\generalDialogStyle.css

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\NewSearchProtectorDialog\images\ok-button.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\NewSearchProtectorDialog\images\separation-line.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\NewSearchProtectorDialog\images\warning.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\NewSearchProtectorDialog\main.html

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\NewSearchProtectorDialog\SearchProtector.css

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\NewSearchProtectorDialog\SearchProtector.js

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\PIE.htc

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\RoundedCorners.css

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\RoundedCornersIE9.css

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\SearchProtectorBubbleDialog\bubble.css

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\SearchProtectorBubbleDialog\bubble.js

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\SearchProtectorBubbleDialog\images\information.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\SearchProtectorBubbleDialog\images\x-default-LTR.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\SearchProtectorBubbleDialog\images\x-default-RTL.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\SearchProtectorBubbleDialog\main.html

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\SearchProtectorDialog\Images\info.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\SearchProtectorDialog\Images\ok-on.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\SearchProtectorDialog\Images\ok.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\SearchProtectorDialog\main.html

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\SearchProtectorDialog\SearchProtector.css

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\SearchProtectorDialog\SearchProtector.js

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\settings.js

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\ToolbarFirstTimeDialog\images\arrow.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\ToolbarFirstTimeDialog\images\divider.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\ToolbarFirstTimeDialog\images\facebook.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\ToolbarFirstTimeDialog\images\Thumbs.db

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\ToolbarFirstTimeDialog\main.html

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.css

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\ToolbarUntrustedAppsApprovalDialog\main.html

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDialog.js

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\UntrustedAddedAppDialog\main.html

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\UntrustedAddedAppDialog\UT-app-dialog-added.js

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\UntrustedAppApprovalDialog\main.html

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\UntrustedAppPendingDialog\main.html

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Dialogs\version.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=_LOCALE.xml

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=_LOCALE.xml

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=_LOCALE.xml

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=_LOCALE.xml

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\ldrtbuTor.dll

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Repository\conduit_CT3072254_CT3072254\AppsMetaData\data.bck.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Repository\conduit_CT3072254_CT3072254\AppsMetaData\data.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Repository\conduit_CT3072254_CT3072254\DynamicDialogs\data.bck.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Repository\conduit_CT3072254_CT3072254\DynamicDialogs\data.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Repository\conduit_CT3072254_CT3072254\ToolbarLogin\data.bck.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Repository\conduit_CT3072254_CT3072254\ToolbarLogin\data.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Repository\conduit_CT3072254_CT3072254\ToolbarSettings\data.bck.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Repository\conduit_CT3072254_CT3072254\ToolbarSettings\data.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Repository\conduit_CT3072254_en\ToolbarTranslation\data.bck.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Repository\conduit_CT3072254_en\ToolbarTranslation\data.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\SearchInNewTab\SearchInNewTabContent.xml

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\tbuTor.dll

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\ThirdPartyComponents.xml

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\toolbar.cfg

c:\program files\Conduit

c:\program files\Conduit\Community Alerts\Alert.dll

c:\program files\uTorrent

c:\program files\uTorrent\uTorrent.exe

c:\windows\$NtUninstallKB27292$\2720975026\cfg.ini

c:\windows\$NtUninstallKB27292$\4174777763

c:\windows\$NtUninstallKB27292$ . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))

.

.

2012-03-19 04:15 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-03-15 18:21 . 2012-03-15 18:21 -------- d-----w- c:\program files\uTorrentControl

2012-03-15 00:23 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-07 00:16 . 2012-03-07 00:16 -------- d-sh--w- c:\documents and settings\All Users\Application Data\BVBJUP

2012-03-07 00:14 . 2012-03-07 00:14 -------- d-----w- C:\c3b93d

2012-03-01 04:01 . 2012-03-01 04:01 -------- d-----w- c:\program files\Microsoft.NET

2012-02-25 21:43 . 2012-02-25 21:43 54016 ----a-w- c:\windows\system32\drivers\kbdwx.sys

2012-02-25 08:19 . 2012-02-25 08:20 -------- d-----w- c:\documents and settings\RAF\Application Data\alotappbar

2012-02-25 08:19 . 2012-02-25 08:19 -------- d-----w- c:\program files\alotappbar

2012-02-25 08:17 . 2012-02-25 08:17 -------- d-----w- c:\program files\Download Manager

2012-02-25 08:16 . 2012-02-25 08:18 -------- d-----w- c:\documents and settings\RAF\Local Settings\Application Data\DownloadManager

2012-02-25 08:15 . 2012-02-28 06:51 -------- d-----w- c:\program files\iBryte

2012-02-25 08:15 . 2012-02-25 08:15 -------- d-----w- c:\documents and settings\RAF\Local Settings\Application Data\iBryte

2012-02-23 11:29 . 2007-08-21 18:32 98304 ----a-w- c:\windows\system32\redmonnt.dll

2012-02-23 11:28 . 2012-02-23 11:29 -------- d-----w- c:\program files\FoxTabPDFConverter

2012-02-23 04:46 . 2012-02-23 04:46 109520 ----a-w- c:\windows\system32\drivers\aBLwsKmJ.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-18 18:15 . 2011-11-13 03:48 146040 ----a-w- c:\windows\system32\WRusr.dll

2012-03-16 14:20 . 2011-11-13 03:48 109520 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2012-02-28 06:44 . 2011-09-27 05:13 260 ----a-w- c:\windows\system32\cmdVBS.vbs

2012-02-28 06:44 . 2011-09-27 05:13 256 ----a-w- c:\windows\system32\MSIevent.bat

2012-02-03 09:22 . 2003-07-16 20:51 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-02-01 06:24 . 2011-10-05 03:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-11 19:06 . 2012-02-16 00:56 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2007-06-15 06:20 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of C:\c3b93d ----

.

.

---- Directory of c:\documents and settings\All Users\Application Data\BVBJUP ----

.

2012-03-07 00:16 . 2012-03-09 03:06 54507 --sha-w- c:\documents and settings\All Users\Application Data\BVBJUP\BVQGTNFDRP.cfg

.

---- Directory of c:\documents and settings\RAF\Application Data\alotappbar ----

.

2012-02-25 08:20 . 2012-02-25 08:20 216 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\TimerManager\TimerManager.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 2880 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\preferences\preferences.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 2880 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\preferences\preferences.xml

2012-02-25 08:20 . 2012-02-25 08:20 736 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\paletteButton\paletteButton.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 736 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\paletteButton\paletteButton.xml

2012-02-25 08:20 . 2012-02-25 08:20 688 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\addApp\addApp.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 688 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\addApp\addApp.xml

2012-02-25 08:20 . 2012-02-25 08:20 720 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\rightPaginator\rightPaginator.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 720 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\rightPaginator\rightPaginator.xml

2012-02-25 08:20 . 2012-02-25 08:20 776 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_38111\App_38111.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 776 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_38111\App_38111.xml

2012-02-25 08:20 . 2012-02-25 08:20 656 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_1007\App_1007.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 656 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_1007\App_1007.xml

2012-02-25 08:20 . 2012-02-25 08:20 744 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_91011\App_91011.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 744 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_91011\App_91011.xml

2012-02-25 08:20 . 2012-02-25 08:20 704 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_117011\App_117011.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 704 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_117011\App_117011.xml

2012-02-25 08:20 . 2012-02-25 08:20 616 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_4629\App_4629.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 616 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_4629\App_4629.xml

2012-02-25 08:20 . 2012-02-25 08:20 760 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_3562\App_3562.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 760 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_3562\App_3562.xml

2012-02-25 08:20 . 2012-02-25 08:20 752 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_5862\App_5862.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 752 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_5862\App_5862.xml

2012-02-25 08:20 . 2012-02-25 08:20 744 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_43911\App_43911.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 744 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_43911\App_43911.xml

2012-02-25 08:20 . 2012-02-25 08:20 760 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_5809\App_5809.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 760 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_5809\App_5809.xml

2012-02-25 08:20 . 2012-02-25 08:20 488 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_174011\App_174011.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 488 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_174011\App_174011.xml

2012-02-25 08:20 . 2012-02-25 08:20 720 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\leftPaginator\leftPaginator.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 720 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\leftPaginator\leftPaginator.xml

2012-02-25 08:20 . 2012-02-25 08:20 592 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\Logo\Logo.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 592 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\Logo\Logo.xml

2012-02-25 08:20 . 2012-02-25 08:20 1264 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\toolbarContextMenu\toolbarContextMenu.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 1264 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\toolbarContextMenu\toolbarContextMenu.xml

2012-02-25 08:20 . 2012-02-25 08:20 1568 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\contextMenu\contextMenu.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 1568 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\contextMenu\contextMenu.xml

2012-02-25 08:19 . 2012-02-25 08:20 768 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\configurator\configurator.xml.backup

2012-02-25 08:19 . 2012-02-25 08:20 768 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\configurator\configurator.xml

2012-02-25 08:19 . 2012-02-25 08:20 216 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\TimerManager\TimerManager.xml

2012-02-25 08:19 . 2012-02-25 08:20 200 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\Updater\Updater.xml.backup

2012-02-25 08:19 . 2012-02-25 08:20 200 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\Updater\Updater.xml

2012-02-25 08:19 . 2012-02-25 08:19 56 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\ToolbarSearch\ToolbarSearch.xml

2012-02-25 08:19 . 2012-02-25 08:19 128 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\products\products.xml.backup

2012-02-25 08:19 . 2012-02-25 08:19 128 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\products\products.xml

2012-02-25 08:19 . 2012-02-25 08:19 43032 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\toolbar.xml.backup

2012-02-15 17:47 . 2012-02-25 08:20 42528 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\toolbar.xml

2012-02-15 17:47 . 2012-02-15 17:47 3972 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_1007\images\1d14fe3350fef6b2cc0a4aa18ac5b0db.png

2012-02-15 17:47 . 2012-02-15 17:47 3880 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_117011\images\0b8ecbe372a5175cbe0643c28c1a236a.png

2012-02-15 17:47 . 2012-02-15 17:47 7863 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_174011\images\70ef5ed3cce790376ee4ac86ed364bee.png

2012-02-15 17:47 . 2012-02-15 17:47 3088 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_3562\images\d5aed714f2ab2d7fd8fd3f0b12d30a11.png

2012-02-15 17:47 . 2012-02-15 17:47 4303 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_38111\images\a952567ad4f13859217c7821057a3c4c.png

2012-02-15 17:47 . 2012-02-15 17:47 8210 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_43911\images\018148d9866994114ac9caeb5325ccae.png

2012-02-15 17:47 . 2012-02-15 17:47 6296 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_4629\images\7b2fdf9965fe4ff9b4ccddc50297c066.png

2012-02-15 17:47 . 2012-02-15 17:47 5969 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_5809\images\dea85611eacb320a29fe17b8907b7e05.png

2012-02-15 17:47 . 2012-02-15 17:47 5580 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_5862\images\31b7f2c3bcbce9030f42ad480a938327.png

2012-02-15 17:47 . 2012-02-15 17:47 5549 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_91011\images\4abec59effe5e1b1faed16b1b38bf35a.png

2012-02-15 17:47 . 2012-02-15 17:47 216 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\domains.dat

2012-02-15 17:47 . 2012-02-15 17:47 3532 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\add-app-hover.png

2012-02-15 17:47 . 2012-02-15 17:47 2577 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\add-app.png

2012-02-15 17:47 . 2012-02-15 17:47 519 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\alot-logo-13x13.png

2012-02-15 17:47 . 2012-02-15 17:47 643 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\alot-logo-16x16.png

2012-02-15 17:47 . 2012-02-15 17:47 3467 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\alot-logo-65x34-hover.png

2012-02-15 17:47 . 2012-02-15 17:47 7523 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\alot-logo-65x34.png

2012-02-15 17:47 . 2012-02-15 17:47 6579 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\alot-logo-95x55.png

2012-02-15 17:47 . 2012-02-15 17:47 2223 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\cog-hover.png

2012-02-15 17:47 . 2012-02-15 17:47 2209 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\cog.png

2012-02-15 17:47 . 2012-02-15 17:47 980 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\desktopAlertAttrBkgnd.png

2012-02-15 17:47 . 2012-02-15 17:47 1005 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\DesktopAlertClose.png

2012-02-15 17:47 . 2012-02-15 17:47 980 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\desktopAlertCloseHot.png

2012-02-15 17:47 . 2012-02-15 17:47 569 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\desktopAlertImage.png

2012-02-15 17:47 . 2012-02-15 17:47 1033 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\desktopAlertImageBkgnd.png

2012-02-15 17:47 . 2012-02-15 17:47 1002 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\desktopAlertTextBkgnd.png

2012-02-15 17:47 . 2012-02-15 17:47 3743 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\error-icon.jpg

2012-02-15 17:47 . 2012-02-15 17:47 1406 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\favicon.ico

2012-02-15 17:47 . 2012-02-15 17:47 4808 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\loading.bmp

2012-02-15 17:47 . 2012-02-15 17:47 832 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\magnifying-glass.png

2012-02-15 17:47 . 2012-02-15 17:47 229 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\PageAlertBkgnd.png

2012-02-15 17:47 . 2012-02-15 17:47 1020 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\PageAlertButton.png

2012-02-15 17:47 . 2012-02-15 17:47 1017 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\PageAlertButtonHot.png

2012-02-15 17:47 . 2012-02-15 17:47 202 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\PageAlertClose.png

2012-02-15 17:47 . 2012-02-15 17:47 151 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\PageAlertCloseHot.png

2012-02-15 17:47 . 2012-02-15 17:47 4010 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\search-button-hover.png

2012-02-15 17:47 . 2012-02-15 17:47 3117 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\search-button.png

2012-02-15 17:47 . 2012-02-15 17:47 2526 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\palette-hover.png

2012-02-15 17:47 . 2012-02-15 17:47 2552 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\palette.png

2012-02-15 17:47 . 2012-02-15 17:47 330 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\appbar-bg.png

2012-02-15 17:47 . 2012-02-15 17:47 146 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\divider.png

2012-02-15 17:47 . 2012-02-15 17:47 337 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\slider.png

2012-02-15 17:47 . 2012-02-15 17:47 413 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\swatch.png

2012-02-15 17:47 . 2012-02-15 17:47 231 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\page\bg.png

2012-02-15 17:47 . 2012-02-15 17:47 1403 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\page\left\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1391 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\page\left\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1365 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\page\left\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 1553 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\page\right\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1513 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\page\right\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1456 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\page\right\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 323 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\appbar-bg.png

2012-02-15 17:47 . 2012-02-15 17:47 146 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\divider.png

2012-02-15 17:47 . 2012-02-15 17:47 335 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\slider.png

2012-02-15 17:47 . 2012-02-15 17:47 400 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\swatch.png

2012-02-15 17:47 . 2012-02-15 17:47 235 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\page\bg.png

2012-02-15 17:47 . 2012-02-15 17:47 1421 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\page\left\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1389 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\page\left\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1349 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\page\left\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 1565 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\page\right\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1480 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\page\right\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1447 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\page\right\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 334 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\appbar-bg.png

2012-02-15 17:47 . 2012-02-15 17:47 147 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\divider.png

2012-02-15 17:47 . 2012-02-15 17:47 333 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\slider.png

2012-02-15 17:47 . 2012-02-15 17:47 415 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\swatch.png

2012-02-15 17:47 . 2012-02-15 17:47 232 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\page\bg.png

2012-02-15 17:47 . 2012-02-15 17:47 1413 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\page\left\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1417 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\page\left\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1365 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\page\left\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 1532 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\page\right\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1527 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\page\right\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1481 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\page\right\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 332 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\appbar-bg.png

2012-02-15 17:47 . 2012-02-15 17:47 146 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\divider.png

2012-02-15 17:47 . 2012-02-15 17:47 335 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\slider.png

2012-02-15 17:47 . 2012-02-15 17:47 359 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\swatch.png

2012-02-15 17:47 . 2012-02-15 17:47 231 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\page\bg.png

2012-02-15 17:47 . 2012-02-15 17:47 1424 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\page\left\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1358 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\page\left\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1315 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\page\left\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 1555 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\page\right\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1450 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\page\right\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1388 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\page\right\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 197 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\appbar-bg.png

2012-02-15 17:47 . 2012-02-15 17:47 146 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\divider.png

2012-02-15 17:47 . 2012-02-15 17:47 335 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\slider.png

2012-02-15 17:47 . 2012-02-15 17:47 233 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\page\bg.png

2012-02-15 17:47 . 2012-02-15 17:47 1360 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\page\left\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1385 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\page\left\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1340 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\page\left\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 1300 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\page\right\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1331 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\page\right\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1316 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\page\right\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 197 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\appbar-bg.png

2012-02-15 17:47 . 2012-02-15 17:47 145 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\divider.png

2012-02-15 17:47 . 2012-02-15 17:47 337 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\slider.png

2012-02-15 17:47 . 2012-02-15 17:47 234 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\page\bg.png

2012-02-15 17:47 . 2012-02-15 17:47 1360 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\page\left\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1385 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\page\left\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1353 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\page\left\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 1447 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\page\right\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1417 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\page\right\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1417 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\page\right\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 197 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\appbar-bg.png

2012-02-15 17:47 . 2012-02-15 17:47 146 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\divider.png

2012-02-15 17:47 . 2012-02-15 17:47 337 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\slider.png

2012-02-15 17:47 . 2012-02-15 17:47 233 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\page\bg.png

2012-02-15 17:47 . 2012-02-15 17:47 1415 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\page\left\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1374 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\page\left\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1355 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\page\left\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 1514 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\page\right\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1451 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\page\right\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1437 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\page\right\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 5140 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\widget\caption-bg.bmp

2012-02-15 17:47 . 2012-02-15 17:47 1992 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\widget\close-hover.bmp

2012-02-15 17:47 . 2012-02-15 17:47 1992 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\widget\close.bmp

2012-02-15 17:47 . 2012-02-15 17:47 1992 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\widget\configure-hover.bmp

2012-02-15 17:47 . 2012-02-15 17:47 1992 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\widget\configure.bmp

2012-02-15 17:47 . 2012-02-15 17:47 1992 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\widget\refresh-hover.bmp

2012-02-15 17:47 . 2012-02-15 17:47 1992 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\widget\refresh.bmp

.

---- Directory of c:\program files\alotappbar ----

.

2012-02-25 08:19 . 2012-02-25 08:19 155575 ----a-w- c:\program files\alotappbar\alotUninst.exe

2012-02-15 17:47 . 2012-02-15 17:47 949096 ----a-w- c:\program files\alotappbar\bin\alotappbar.dll

2012-02-15 17:47 . 2012-02-15 17:47 48488 ----a-w- c:\program files\alotappbar\bin\alothelper.dll

2012-02-15 17:47 . 2012-02-15 17:47 529256 ----a-w- c:\program files\alotappbar\bin\alotwidgets.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-19_04.31.15 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-20 01:51 . 2012-03-20 01:51 16384 c:\windows\Temp\Perflib_Perfdata_628.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]

2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9df9360-97f8-4690-afe6-996c80790da4}]

2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{E9DF9360-97F8-4690-AFE6-996C80790DA4}"= "c:\program files\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-06 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"P17Helper"="P17.dll" [2005-05-03 64512]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-03-11 936960]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-03-16 658968]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-11-06 08:02 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-05-12 15:11 198160 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [11/12/2011 11:48 PM 109520]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]

R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [11/12/2011 11:48 PM 658968]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 5:52 PM 135664]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/3/2011 9:18 PM 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/3/2011 9:18 PM 8456]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 5:52 PM 135664]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 11:11 AM 10664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 4:47 PM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

NETw4v32

SNPSTD3

vpcbus

mfeapfk

SrvcSSIOMngr

backupexecalertserver

cpntsrv

DritekPortIO

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:52]

.

2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:52]

.

2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-152049171-839522115-1004Core.job

- c:\documents and settings\RAF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-22 16:40]

.

2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-152049171-839522115-1004UA.job

- c:\documents and settings\RAF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-22 16:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://msn.com/

uInternet Settings,ProxyOverride = <local>

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 10.0.0.1

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-19 21:52

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(4044)

c:\windows\system32\WRusr.dll

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\System32\CTsvcCDA.EXE

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\System32\MsPMSPSv.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2012-03-19 21:56:25 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-20 01:56

ComboFix2.txt 2012-03-19 04:35

ComboFix3.txt 2011-02-01 04:03

.

Pre-Run: 72,349,429,760 bytes free

Post-Run: 72,361,918,464 bytes free

.

- - End Of File - - 16F196CCB3ACE5658B555F5E6B74B65E

Share this post


Link to post
Share on other sites

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\documents and settings\All Users\Application Data\BVBJUP
c:\documents and settings\RAF\Application Data\alotappbar
c:\program files\alotappbar

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9df9360-97f8-4690-afe6-996c80790da4}]
[-HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]
[-HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9df9360-97f8-4690-afe6-996c80790da4}"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9DF9360-97F8-4690-AFE6-996C80790DA4}"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Share this post


Link to post
Share on other sites

Maniac

Here's my Combofix txt

ComboFix 12-03-17.01 - RAF 03/20/2012 23:01:04.5.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1140 [GMT -4:00]

Running from: c:\documents and settings\RAF\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\RAF\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_54_307_CT3072254_images_634511206111048063_20PX_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_54_307_CT3072254_Images_634517239059729568_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_bankimages_iconsGallery_16_5731583029485547084_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_MarketPlace_a0_18b_a09e6985-3574-4fcd-b796-975649aae18b_Thumbnail_45x45_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_MarketPlace_cc_704_cc8aceb9-fb96-4894-b4b6-78b5fb004704_Thumbnail_634503449712298469_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\CacheIcons\http___storage_conduit_com_MarketPlace_d2_909_d2d47f0a-2c1d-48a1-8dba-fdebac043909_Appearance_634211716261212501_24x24_png.png

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\ldrtbuTor.dll

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Repository\conduit_CT3072254_CT3072254\AppsMetaData\data.bck.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Repository\conduit_CT3072254_CT3072254\AppsMetaData\data.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Repository\conduit_CT3072254_CT3072254\ToolbarLogin\data.bck.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Repository\conduit_CT3072254_CT3072254\ToolbarLogin\data.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Repository\conduit_CT3072254_CT3072254\ToolbarSettings\data.bck.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\Repository\conduit_CT3072254_CT3072254\ToolbarSettings\data.txt

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\SearchInNewTab\SearchInNewTabContent.xml

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\tbuTor.dll

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\ThirdPartyComponents.xml

c:\documents and settings\RAF\Local Settings\Application Data\uTorrentControl\toolbar.cfg

.

.

((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))

.

.

2012-03-19 04:15 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-03-15 18:21 . 2012-03-15 18:21 -------- d-----w- c:\program files\uTorrentControl

2012-03-15 00:23 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-07 00:16 . 2012-03-07 00:16 -------- d-sh--w- c:\documents and settings\All Users\Application Data\BVBJUP

2012-03-07 00:14 . 2012-03-07 00:14 -------- d-----w- C:\c3b93d

2012-03-01 04:01 . 2012-03-01 04:01 -------- d-----w- c:\program files\Microsoft.NET

2012-02-25 21:43 . 2012-02-25 21:43 54016 ----a-w- c:\windows\system32\drivers\kbdwx.sys

2012-02-25 08:19 . 2012-02-25 08:20 -------- d-----w- c:\documents and settings\RAF\Application Data\alotappbar

2012-02-25 08:19 . 2012-02-25 08:19 -------- d-----w- c:\program files\alotappbar

2012-02-25 08:17 . 2012-02-25 08:17 -------- d-----w- c:\program files\Download Manager

2012-02-25 08:16 . 2012-02-25 08:18 -------- d-----w- c:\documents and settings\RAF\Local Settings\Application Data\DownloadManager

2012-02-25 08:15 . 2012-02-28 06:51 -------- d-----w- c:\program files\iBryte

2012-02-25 08:15 . 2012-02-25 08:15 -------- d-----w- c:\documents and settings\RAF\Local Settings\Application Data\iBryte

2012-02-23 11:29 . 2007-08-21 18:32 98304 ----a-w- c:\windows\system32\redmonnt.dll

2012-02-23 11:28 . 2012-02-23 11:29 -------- d-----w- c:\program files\FoxTabPDFConverter

2012-02-23 04:46 . 2012-02-23 04:46 109520 ----a-w- c:\windows\system32\drivers\aBLwsKmJ.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-18 18:15 . 2011-11-13 03:48 146040 ----a-w- c:\windows\system32\WRusr.dll

2012-03-16 14:20 . 2011-11-13 03:48 109520 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2012-02-28 06:44 . 2011-09-27 05:13 260 ----a-w- c:\windows\system32\cmdVBS.vbs

2012-02-28 06:44 . 2011-09-27 05:13 256 ----a-w- c:\windows\system32\MSIevent.bat

2012-02-03 09:22 . 2003-07-16 20:51 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-02-01 06:24 . 2011-10-05 03:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-11 19:06 . 2012-02-16 00:56 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2007-06-15 06:20 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of C:\c3b93d ----

.

.

---- Directory of c:\documents and settings\All Users\Application Data\BVBJUP ----

.

2012-03-07 00:16 . 2012-03-09 03:06 54507 --sha-w- c:\documents and settings\All Users\Application Data\BVBJUP\BVQGTNFDRP.cfg

.

---- Directory of c:\documents and settings\RAF\Application Data\alotappbar ----

.

2012-02-25 08:20 . 2012-02-25 08:20 216 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\TimerManager\TimerManager.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 2880 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\preferences\preferences.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 2880 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\preferences\preferences.xml

2012-02-25 08:20 . 2012-02-25 08:20 736 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\paletteButton\paletteButton.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 736 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\paletteButton\paletteButton.xml

2012-02-25 08:20 . 2012-02-25 08:20 688 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\addApp\addApp.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 688 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\addApp\addApp.xml

2012-02-25 08:20 . 2012-02-25 08:20 720 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\rightPaginator\rightPaginator.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 720 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\rightPaginator\rightPaginator.xml

2012-02-25 08:20 . 2012-02-25 08:20 776 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_38111\App_38111.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 776 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_38111\App_38111.xml

2012-02-25 08:20 . 2012-02-25 08:20 656 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_1007\App_1007.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 656 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_1007\App_1007.xml

2012-02-25 08:20 . 2012-02-25 08:20 744 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_91011\App_91011.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 744 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_91011\App_91011.xml

2012-02-25 08:20 . 2012-02-25 08:20 704 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_117011\App_117011.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 704 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_117011\App_117011.xml

2012-02-25 08:20 . 2012-02-25 08:20 616 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_4629\App_4629.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 616 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_4629\App_4629.xml

2012-02-25 08:20 . 2012-02-25 08:20 760 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_3562\App_3562.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 760 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_3562\App_3562.xml

2012-02-25 08:20 . 2012-02-25 08:20 752 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_5862\App_5862.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 752 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_5862\App_5862.xml

2012-02-25 08:20 . 2012-02-25 08:20 744 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_43911\App_43911.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 744 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_43911\App_43911.xml

2012-02-25 08:20 . 2012-02-25 08:20 760 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_5809\App_5809.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 760 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_5809\App_5809.xml

2012-02-25 08:20 . 2012-02-25 08:20 488 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_174011\App_174011.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 488 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\App_174011\App_174011.xml

2012-02-25 08:20 . 2012-02-25 08:20 720 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\leftPaginator\leftPaginator.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 720 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\leftPaginator\leftPaginator.xml

2012-02-25 08:20 . 2012-02-25 08:20 592 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\Logo\Logo.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 592 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\Logo\Logo.xml

2012-02-25 08:20 . 2012-02-25 08:20 1264 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\toolbarContextMenu\toolbarContextMenu.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 1264 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\toolbarContextMenu\toolbarContextMenu.xml

2012-02-25 08:20 . 2012-02-25 08:20 1568 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\contextMenu\contextMenu.xml.backup

2012-02-25 08:20 . 2012-02-25 08:20 1568 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\contextMenu\contextMenu.xml

2012-02-25 08:19 . 2012-02-25 08:20 768 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\configurator\configurator.xml.backup

2012-02-25 08:19 . 2012-02-25 08:20 768 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\configurator\configurator.xml

2012-02-25 08:19 . 2012-02-25 08:20 216 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\TimerManager\TimerManager.xml

2012-02-25 08:19 . 2012-02-25 08:20 200 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\Updater\Updater.xml.backup

2012-02-25 08:19 . 2012-02-25 08:20 200 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\Updater\Updater.xml

2012-02-25 08:19 . 2012-02-25 08:19 56 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\ToolbarSearch\ToolbarSearch.xml

2012-02-25 08:19 . 2012-02-25 08:19 128 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\products\products.xml.backup

2012-02-25 08:19 . 2012-02-25 08:19 128 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\products\products.xml

2012-02-25 08:19 . 2012-02-25 08:19 43032 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\toolbar.xml.backup

2012-02-15 17:47 . 2012-02-25 08:20 42528 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\toolbar.xml

2012-02-15 17:47 . 2012-02-15 17:47 3972 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_1007\images\1d14fe3350fef6b2cc0a4aa18ac5b0db.png

2012-02-15 17:47 . 2012-02-15 17:47 3880 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_117011\images\0b8ecbe372a5175cbe0643c28c1a236a.png

2012-02-15 17:47 . 2012-02-15 17:47 7863 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_174011\images\70ef5ed3cce790376ee4ac86ed364bee.png

2012-02-15 17:47 . 2012-02-15 17:47 3088 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_3562\images\d5aed714f2ab2d7fd8fd3f0b12d30a11.png

2012-02-15 17:47 . 2012-02-15 17:47 4303 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_38111\images\a952567ad4f13859217c7821057a3c4c.png

2012-02-15 17:47 . 2012-02-15 17:47 8210 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_43911\images\018148d9866994114ac9caeb5325ccae.png

2012-02-15 17:47 . 2012-02-15 17:47 6296 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_4629\images\7b2fdf9965fe4ff9b4ccddc50297c066.png

2012-02-15 17:47 . 2012-02-15 17:47 5969 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_5809\images\dea85611eacb320a29fe17b8907b7e05.png

2012-02-15 17:47 . 2012-02-15 17:47 5580 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_5862\images\31b7f2c3bcbce9030f42ad480a938327.png

2012-02-15 17:47 . 2012-02-15 17:47 5549 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\App_91011\images\4abec59effe5e1b1faed16b1b38bf35a.png

2012-02-15 17:47 . 2012-02-15 17:47 216 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\domains.dat

2012-02-15 17:47 . 2012-02-15 17:47 3532 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\add-app-hover.png

2012-02-15 17:47 . 2012-02-15 17:47 2577 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\add-app.png

2012-02-15 17:47 . 2012-02-15 17:47 519 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\alot-logo-13x13.png

2012-02-15 17:47 . 2012-02-15 17:47 643 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\alot-logo-16x16.png

2012-02-15 17:47 . 2012-02-15 17:47 3467 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\alot-logo-65x34-hover.png

2012-02-15 17:47 . 2012-02-15 17:47 7523 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\alot-logo-65x34.png

2012-02-15 17:47 . 2012-02-15 17:47 6579 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\alot-logo-95x55.png

2012-02-15 17:47 . 2012-02-15 17:47 2223 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\cog-hover.png

2012-02-15 17:47 . 2012-02-15 17:47 2209 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\cog.png

2012-02-15 17:47 . 2012-02-15 17:47 980 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\desktopAlertAttrBkgnd.png

2012-02-15 17:47 . 2012-02-15 17:47 1005 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\DesktopAlertClose.png

2012-02-15 17:47 . 2012-02-15 17:47 980 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\desktopAlertCloseHot.png

2012-02-15 17:47 . 2012-02-15 17:47 569 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\desktopAlertImage.png

2012-02-15 17:47 . 2012-02-15 17:47 1033 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\desktopAlertImageBkgnd.png

2012-02-15 17:47 . 2012-02-15 17:47 1002 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\desktopAlertTextBkgnd.png

2012-02-15 17:47 . 2012-02-15 17:47 3743 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\error-icon.jpg

2012-02-15 17:47 . 2012-02-15 17:47 1406 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\favicon.ico

2012-02-15 17:47 . 2012-02-15 17:47 4808 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\loading.bmp

2012-02-15 17:47 . 2012-02-15 17:47 832 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\magnifying-glass.png

2012-02-15 17:47 . 2012-02-15 17:47 229 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\PageAlertBkgnd.png

2012-02-15 17:47 . 2012-02-15 17:47 1020 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\PageAlertButton.png

2012-02-15 17:47 . 2012-02-15 17:47 1017 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\PageAlertButtonHot.png

2012-02-15 17:47 . 2012-02-15 17:47 202 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\PageAlertClose.png

2012-02-15 17:47 . 2012-02-15 17:47 151 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\PageAlertCloseHot.png

2012-02-15 17:47 . 2012-02-15 17:47 4010 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\search-button-hover.png

2012-02-15 17:47 . 2012-02-15 17:47 3117 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\search-button.png

2012-02-15 17:47 . 2012-02-15 17:47 2526 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\palette-hover.png

2012-02-15 17:47 . 2012-02-15 17:47 2552 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\palette.png

2012-02-15 17:47 . 2012-02-15 17:47 330 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\appbar-bg.png

2012-02-15 17:47 . 2012-02-15 17:47 146 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\divider.png

2012-02-15 17:47 . 2012-02-15 17:47 337 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\slider.png

2012-02-15 17:47 . 2012-02-15 17:47 413 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\swatch.png

2012-02-15 17:47 . 2012-02-15 17:47 231 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\page\bg.png

2012-02-15 17:47 . 2012-02-15 17:47 1403 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\page\left\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1391 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\page\left\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1365 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\page\left\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 1553 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\page\right\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1513 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\page\right\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1456 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\blue\page\right\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 323 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\appbar-bg.png

2012-02-15 17:47 . 2012-02-15 17:47 146 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\divider.png

2012-02-15 17:47 . 2012-02-15 17:47 335 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\slider.png

2012-02-15 17:47 . 2012-02-15 17:47 400 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\swatch.png

2012-02-15 17:47 . 2012-02-15 17:47 235 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\page\bg.png

2012-02-15 17:47 . 2012-02-15 17:47 1421 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\page\left\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1389 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\page\left\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1349 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\page\left\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 1565 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\page\right\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1480 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\page\right\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1447 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\green\page\right\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 334 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\appbar-bg.png

2012-02-15 17:47 . 2012-02-15 17:47 147 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\divider.png

2012-02-15 17:47 . 2012-02-15 17:47 333 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\slider.png

2012-02-15 17:47 . 2012-02-15 17:47 415 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\swatch.png

2012-02-15 17:47 . 2012-02-15 17:47 232 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\page\bg.png

2012-02-15 17:47 . 2012-02-15 17:47 1413 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\page\left\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1417 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\page\left\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1365 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\page\left\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 1532 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\page\right\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1527 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\page\right\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1481 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\orange\page\right\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 332 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\appbar-bg.png

2012-02-15 17:47 . 2012-02-15 17:47 146 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\divider.png

2012-02-15 17:47 . 2012-02-15 17:47 335 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\slider.png

2012-02-15 17:47 . 2012-02-15 17:47 359 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\swatch.png

2012-02-15 17:47 . 2012-02-15 17:47 231 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\page\bg.png

2012-02-15 17:47 . 2012-02-15 17:47 1424 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\page\left\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1358 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\page\left\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1315 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\page\left\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 1555 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\page\right\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1450 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\page\right\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1388 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\pink\page\right\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 197 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\appbar-bg.png

2012-02-15 17:47 . 2012-02-15 17:47 146 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\divider.png

2012-02-15 17:47 . 2012-02-15 17:47 335 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\slider.png

2012-02-15 17:47 . 2012-02-15 17:47 233 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\page\bg.png

2012-02-15 17:47 . 2012-02-15 17:47 1360 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\page\left\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1385 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\page\left\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1340 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\page\left\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 1300 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\page\right\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1331 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\page\right\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1316 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standard\page\right\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 197 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\appbar-bg.png

2012-02-15 17:47 . 2012-02-15 17:47 145 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\divider.png

2012-02-15 17:47 . 2012-02-15 17:47 337 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\slider.png

2012-02-15 17:47 . 2012-02-15 17:47 234 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\page\bg.png

2012-02-15 17:47 . 2012-02-15 17:47 1360 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\page\left\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1385 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\page\left\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1353 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\page\left\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 1447 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\page\right\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1417 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\page\right\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1417 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardClassic\page\right\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 197 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\appbar-bg.png

2012-02-15 17:47 . 2012-02-15 17:47 146 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\divider.png

2012-02-15 17:47 . 2012-02-15 17:47 337 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\slider.png

2012-02-15 17:47 . 2012-02-15 17:47 233 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\page\bg.png

2012-02-15 17:47 . 2012-02-15 17:47 1415 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\page\left\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1374 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\page\left\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1355 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\page\left\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 1514 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\page\right\hover.png

2012-02-15 17:47 . 2012-02-15 17:47 1451 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\page\right\normal.png

2012-02-15 17:47 . 2012-02-15 17:47 1437 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\theme\standardWin7\page\right\not-available.png

2012-02-15 17:47 . 2012-02-15 17:47 5140 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\widget\caption-bg.bmp

2012-02-15 17:47 . 2012-02-15 17:47 1992 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\widget\close-hover.bmp

2012-02-15 17:47 . 2012-02-15 17:47 1992 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\widget\close.bmp

2012-02-15 17:47 . 2012-02-15 17:47 1992 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\widget\configure-hover.bmp

2012-02-15 17:47 . 2012-02-15 17:47 1992 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\widget\configure.bmp

2012-02-15 17:47 . 2012-02-15 17:47 1992 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\widget\refresh-hover.bmp

2012-02-15 17:47 . 2012-02-15 17:47 1992 ----a-w- c:\documents and settings\RAF\Application Data\alotappbar\resources\shared\images\widget\refresh.bmp

.

---- Directory of c:\program files\alotappbar ----

.

2012-02-25 08:19 . 2012-02-25 08:19 155575 ----a-w- c:\program files\alotappbar\alotUninst.exe

2012-02-15 17:47 . 2012-02-15 17:47 949096 ----a-w- c:\program files\alotappbar\bin\alotappbar.dll

2012-02-15 17:47 . 2012-02-15 17:47 48488 ----a-w- c:\program files\alotappbar\bin\alothelper.dll

2012-02-15 17:47 . 2012-02-15 17:47 529256 ----a-w- c:\program files\alotappbar\bin\alotwidgets.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-19_04.31.15 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-21 03:00 . 2012-03-21 03:00 16384 c:\windows\Temp\Perflib_Perfdata_7f8.dat

+ 2012-03-20 02:30 . 2012-03-20 02:30 41472 c:\windows\Installer\13a490.msi

+ 2012-03-06 02:42 . 2012-03-06 02:42 18432 c:\windows\Installer\13a3f5.msp

+ 2012-03-12 23:20 . 2012-03-12 23:20 4729344 c:\windows\Installer\13a489.msp

+ 2012-03-06 02:35 . 2012-03-06 02:35 3961344 c:\windows\Installer\13a3ec.msp

+ 2012-03-20 02:29 . 2012-03-20 02:29 1919312 c:\windows\Installer\{E463E171-4082-4744-A466-F7CBE8502789}\TurboTax.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]

2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9df9360-97f8-4690-afe6-996c80790da4}]

2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{e9df9360-97f8-4690-afe6-996c80790da4}"= "c:\program files\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{E9DF9360-97F8-4690-AFE6-996C80790DA4}"= "c:\program files\uTorrentControl\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{e9df9360-97f8-4690-afe6-996c80790da4}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-06 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"P17Helper"="P17.dll" [2005-05-03 64512]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-03-11 936960]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-03-16 658968]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-11-06 08:02 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-05-12 15:11 198160 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [11/12/2011 11:48 PM 109520]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]

R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [11/12/2011 11:48 PM 658968]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 5:52 PM 135664]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/3/2011 9:18 PM 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/3/2011 9:18 PM 8456]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 5:52 PM 135664]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 11:11 AM 10664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 4:47 PM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

NETw4v32

SNPSTD3

vpcbus

mfeapfk

SrvcSSIOMngr

backupexecalertserver

cpntsrv

DritekPortIO

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:52]

.

2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:52]

.

2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-152049171-839522115-1004Core.job

- c:\documents and settings\RAF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-22 16:40]

.

2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-152049171-839522115-1004UA.job

- c:\documents and settings\RAF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-22 16:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://msn.com/

uInternet Settings,ProxyOverride = <local>

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 10.0.0.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-20 23:09

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-03-20 23:11:27

ComboFix-quarantined-files.txt 2012-03-21 03:11

ComboFix2.txt 2012-03-20 01:56

ComboFix3.txt 2012-03-19 04:35

ComboFix4.txt 2011-02-01 04:03

.

Pre-Run: 72,310,218,752 bytes free

Post-Run: 72,332,738,560 bytes free

.

- - End Of File - - CCE5CFF2E2430189C6551CF2ECC00F44

Share this post


Link to post
Share on other sites

You probably used the incorrect script, because I'm not using DirLook:: command to check the content of any folder. Please use my last script.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.