Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!
2 Pages V  < 1 2  
 Closed TopicStart new topic
msa.exe / b.exe problem? [Solved]
Essexboy
post Oct 31 2009, 05:04 AM
Post #16


GeekU Moderator
Group Icon
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7
We are actually making progress now though smile.gif

AVZ FIX

  1. Double click on AVZ.exe
  2. Click File > Custom scripts
  3. Copy & paste the contents of the following codebox in the box in the program (start with begin and end with end )
    CODE
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    SetAVZPMStatus(True);
    StopService('NetLogin');
    SetServiceStart('NetLogin', 4);
    SetServiceStart('Net_Login', 4);
    StopService('Net_Login');
    TerminateProcessByName('c:\windows\svchust.exe');
    TerminateProcessByName('c:\windows\svchost.exe');
    BC_DeleteFile('c:\windows\svchost.exe');
    DeleteFile('c:\windows\svchost.exe');
    BC_DeleteFile('c:\windows\svchust.exe');
    DeleteFile('c:\windows\svchust.exe');
    BC_DeleteFile('C:\WINDOWS\TEMP\jka1B.tmp');
    DeleteFile('C:\WINDOWS\TEMP\jka1B.tmp');
    BC_DeleteFile('C:\WINDOWS\fonts\services.exe');
    DeleteFile('C:\WINDOWS\fonts\services.exe');
    BC_DeleteFile('C:\WINDOWS\system32\6to4v32.dll');
    DeleteFile('C:\WINDOWS\system32\6to4v32.dll');
    RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\6to4\Parameters','ServiceDll');
    BC_DeleteFile('C:\DOCUME~1\REIDVA~1\LOCALS~1\Temp\c.exe');
    DeleteFile('C:\DOCUME~1\REIDVA~1\LOCALS~1\Temp\c.exe');
    BC_DeleteFile('C:\DOCUME~1\REIDVA~1\LOCALS~1\Temp\d.exe');
    DeleteFile('C:\DOCUME~1\REIDVA~1\LOCALS~1\Temp\d.exe');
    BC_DeleteFile('D:\autorun.inf');
    DeleteFile('D:\autorun.inf');
    ExecuteRepair(1);
    BC_ImportDeletedList;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.

  4. Note: When you run the script, your PC will be restarted
  5. Click Run
  6. Restart your PC if it doesn't do it automatically.


ON COMPLETION

  1. Start AVZ.
  2. Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.
  3. Click on the "Execute selected scripts".
  4. A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.


Attach the zip file to your next post


THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Go to the top of the page
 
+Quote Post
strohmen
post Oct 31 2009, 11:40 AM
Post #17


Member
**
Posts: 14
OS: Windows XP Tablet Edition
Everything seems to have worked fine. A few notes - when I booted up after running AVZ, I received a MPNotify error, but it didn't affect anything.

I also was unable to access the malwarebytes download page on the infected machine (maybe blocked?) so I copied the file over from an uninfected Mac. It generated an error when trying to update but seems to have run normally.

Log files attached!


Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

10/31/2009 1:37:31 PM
mbam-log-2009-10-31 (13-37-30).txt

Scan type: Quick Scan
Objects scanned: 99513
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 743
Registry Values Infected: 9
Registry Data Items Infected: 9
Folders Infected: 2
Files Infected: 75

Memory Processes Infected:
C:\WINDOWS\svchust.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\net_login (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\net_login (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\netlogin (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogin (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Agentsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Agentw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-Trojan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiVirus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusPlus (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusPlus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusXP (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiVirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoTrace.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdreinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdtkexec.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantiVirus-cnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hackTracersetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\launcher.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_Internet_secu_3.0_407.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_AntiSpyware2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procExplorerv1.0.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\save.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Spywarexpguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\System.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\System32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojantrap3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TSC.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrepl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Virusmdpersonalfirewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Windows.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=220&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=220&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=220&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=220&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=220&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=220&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=220&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=220&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Temp\cpa15.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ddl18.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\efk14.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fiaD.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\flaA.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fqj1F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fua6.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fxa5.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hza1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ioa1C.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iuk15.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kga8.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kma14.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kua1B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qca6.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qda1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qea7.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qoa1A.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rda18.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rla19.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\suaF.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nga7.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nma10.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\noaB.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dha1A.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\aqaE.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\asa8.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ata6.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\axk16.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\trk20.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ukaF.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vda1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vqa1D.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRT1B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wia8.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\loa10.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mbl17.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mra4.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mraC.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\muk21.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mwa10.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wka16.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wxa1C.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xgaE.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yba1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\cikfj56ri43.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\cikfj56ri44.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\svchust.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reid Van Lehn\Desktop\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Attached File  virusinfo_syscheck.zip ( 42.9K ) Number of downloads: 2
Go to the top of the page
 
+Quote Post
Essexboy
post Oct 31 2009, 12:33 PM
Post #18


GeekU Moderator
Group Icon
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7
We are making progress now thumbsup.gif Looking at that plus what I had seen before we are looking at at least 4 different infections here

QUOTE
One or more of the identified infections is a backdoor Trojan and a key logger.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.


Could you now try OTS again but rename it to OTS.COM and follow that with Combofix, again rename the extension to .COM
Go to the top of the page
 
+Quote Post
strohmen
post Oct 31 2009, 12:57 PM
Post #19


Member
**
Posts: 14
OS: Windows XP Tablet Edition
OTS stalls with a "Range Check" error. Based on the status bar at the bottom, it appears to generate the error when it scans itself (i.e. OTS.com). ComboFix also gives an error stating that some files could not be created.

Also, FireFox appears to now crash whenever I use it. I am currently getting files by downloading them to a Mac and porting by USB key, is that ok?

Thanks again for the help thus far! I am going to contact financial institutions now.
Go to the top of the page
 
+Quote Post
Essexboy
post Oct 31 2009, 01:13 PM
Post #20


GeekU Moderator
Group Icon
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7
Lets go non intrusive and see if we can find the file that will not let go - mac runs on a different structure so you should be OK

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll
    %systemroot%\system32\drivers\iaStor.sys
    %systemroot%\System32\drivers\nvstor.sys
    %systemroot%\system32\drivers\atapi.sys
    %systemroot%\system32\drivers\IdeChnDr.sys

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Reason for edit: Added MAC data
Go to the top of the page
 
+Quote Post
strohmen
post Oct 31 2009, 01:35 PM
Post #21


Member
**
Posts: 14
OS: Windows XP Tablet Edition
Here ya go! The system is becoming increasingly unstable by the way. Is it useful to continue listing symptoms or should I not bother?

Attached File  OTL.Txt ( 113.93K ) Number of downloads: 5

Attached File  Extras.Txt ( 42.1K ) Number of downloads: 13


OTL logfile created on: 10/31/2009 3:19:20 PM - Run 1
OTL by OldTimer - Version 3.1.1.7 Folder = C:\Documents and Settings\Reid Van Lehn\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 37.70% Memory free
3.81 Gb Paging File | 2.40 Gb Available in Paging File | 62.97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.76 Gb Total Space | 10.98 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
Drive D: | 3.82 Gb Total Space | 0.04 Gb Free Space | 1.02% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RVL
Current User Name: Reid Van Lehn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/31 14:49:51 | 00,190,714 | -H-- | M] () -- C:\Documents and Settings\Reid Van Lehn\Local Settings\Temp\win16.exe
PRC - [2009/10/31 14:49:49 | 00,190,714 | -H-- | M] () -- C:\Documents and Settings\Reid Van Lehn\Local Settings\Temp\lsass.exe
PRC - [2009/10/31 14:49:49 | 00,190,714 | -H-- | M] () -- C:\Documents and Settings\Reid Van Lehn\Local Settings\Temp\debug.exe
PRC - [2009/10/31 13:49:07 | 00,190,714 | -H-- | M] () -- C:\WINDOWS\Temp\win32.exe
PRC - [2009/10/31 13:49:06 | 00,190,714 | -H-- | M] () -- C:\WINDOWS\Temp\notepad.exe
PRC - [2009/10/31 13:49:06 | 00,190,714 | -H-- | M] () -- C:\WINDOWS\Temp\login.exe
PRC - [2009/10/31 13:48:55 | 00,190,714 | -H-- | M] () -- C:\WINDOWS\Temp\install.exe
PRC - [2009/10/31 13:48:55 | 00,190,714 | -H-- | M] () -- C:\WINDOWS\Temp\cmd.exe
PRC - [2009/10/31 13:48:50 | 00,015,001 | -H-- | M] () -- C:\WINDOWS\Temp\u7ibbm8i.exe
PRC - [2009/10/31 13:46:16 | 01,168,896 | ---- | M] () -- C:\WINDOWS\svchust.exe
PRC - [2009/10/31 13:46:09 | 00,037,888 | ---- | M] () -- c:\xrmqvm.exe
PRC - 692 -- C:\WINDOWS\svchost.exe
PRC - [2009/10/31 13:44:53 | 00,018,944 | ---- | M] () -- C:\WINDOWS\system32\3.tmp
PRC - [2009/10/31 12:26:30 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Reid Van Lehn\Desktop\OTL.exe
PRC - [2009/10/30 18:06:54 | 03,430,299 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\ComboFix.com
PRC - [2009/10/30 18:06:54 | 03,430,299 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\ComboFix.com
PRC - [2009/10/28 14:37:23 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/02 23:32:51 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/10/23 17:13:36 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/10/23 17:13:36 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/07/10 20:42:14 | 00,839,680 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/10 20:23:22 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/07/10 20:12:40 | 00,487,424 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/05/28 14:19:10 | 00,114,688 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
PRC - [2008/05/22 20:50:00 | 00,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/05/22 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2008/04/24 17:53:24 | 01,056,768 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2008/04/13 20:12:40 | 00,313,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wisptis.exe
PRC - [2008/04/13 20:12:37 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\tabtip.exe
PRC - [2008/04/13 20:12:37 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\tcserver.exe
PRC - [2008/04/13 20:12:35 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shmgrate.exe
PRC - [2008/04/13 20:12:23 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\keyboardsurrogate.exe
PRC - [2008/04/13 20:12:22 | 00,113,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 20:12:22 | 00,113,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 20:12:19 | 01,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:19 | 01,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 09:08:36 | 00,487,424 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/02/19 02:15:38 | 00,126,976 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/02/19 02:13:28 | 00,462,848 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2007/10/25 16:37:32 | 02,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/10/25 16:33:22 | 00,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/10/25 16:32:58 | 00,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/10/25 15:06:00 | 00,106,496 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2007/10/25 10:05:40 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007/10/25 10:04:56 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2007/10/25 10:03:28 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/10/19 13:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/10/19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/09/24 14:55:44 | 02,447,360 | ---- | M] (Centered Systems) -- C:\Program Files\SecCopy\SecCopy.exe
PRC - [2007/02/19 04:13:18 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2006/09/12 12:25:42 | 00,258,048 | ---- | M] (GUNZE Limited) -- C:\Program Files\Gunze\GZTP_Pack\GzSnd.exe
PRC - [2005/11/30 12:43:00 | 00,058,952 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2004/08/04 00:00:00 | 00,107,520 | ---- | M] (Andreas Hausladen) -- C:\WINDOWS\system32\opeia.exe
PRC - [2004/08/04 00:00:00 | 00,067,584 | ---- | M] (Netopsystems AG) -- C:\WINDOWS\system32\FastNetSrv.exe
PRC - [2004/08/04 00:00:00 | 00,061,440 | ---- | M] (yqwn vc ailebsgkswup) -- C:\WINDOWS\system32\lsm32.sys
PRC - [2003/07/03 01:25:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2002/08/29 03:41:28 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tabbtnu.exe


========== Win32 Services (SafeList) ==========

SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - [2009/10/31 13:46:16 | 01,168,896 | ---- | M] () -- C:\WINDOWS\svchust.exe
SRV - [2009/10/31 13:45:17 | 01,169,920 | ---- | M] () -- C:\WINDOWS\svchost.exe
SRV - [2009/10/29 16:12:08 | 00,875,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe
SRV - [2009/06/23 16:52:20 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SRV - [2008/10/23 17:13:36 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
SRV - [2008/10/22 15:40:30 | 00,000,000 | ---D | M] -- C:\WINDOWS\system32\MsDtc
SRV - [2008/09/19 03:03:58 | 00,085,504 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\Windows Communication Foundation\infocard.exe
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\mscorsvw.exe
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\aspnet_state.exe
SRV - [2008/07/10 20:42:14 | 00,839,680 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SRV - [2008/07/10 20:23:22 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
SRV - [2008/07/10 20:12:40 | 00,487,424 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SRV - [2008/05/28 14:19:10 | 00,114,688 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
SRV - [2008/05/22 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
SRV - [2008/04/13 20:11:56 | 00,061,440 | ---- | M] () -- C:\WINDOWS\system32\NWCWov32.dll
SRV - [2008/03/27 09:08:36 | 00,487,424 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
SRV - [2008/02/19 02:15:38 | 00,126,976 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
SRV - [2007/10/25 10:03:28 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
SRV - [2007/10/19 13:21:16 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
SRV - [2007/10/19 13:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
SRV - [2007/10/19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
SRV - [2007/02/19 04:13:18 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
SRV - [2006/07/05 16:19:26 | 00,146,432 | ---- | M] () -- C:\Program Files\CVSNT\\cvsnt.cpl
SRV - [2005/11/30 12:43:00 | 00,058,952 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
SRV - [2004/08/04 00:00:00 | 00,067,584 | ---- | M] (Netopsystems AG) -- C:\WINDOWS\system32\FastNetSrv.exe
SRV - [2004/08/04 00:00:00 | 00,045,568 | ---- | M] (FTD2XX Software Technology) -- C:\WINDOWS\system32\BtwSrv.dll
SRV - [2004/08/04 00:00:00 | 00,012,082 | ---- | M] () -- C:\WINDOWS\system32\rsvp.ini
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
SRV - [2003/07/03 01:25:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe


========== Modules (SafeList) ==========

MOD - [2009/10/31 13:48:50 | 00,015,000 | ---- | M] () -- C:\WINDOWS\system32\k09ml5zd2.dll
MOD - [2009/10/31 12:26:30 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Reid Van Lehn\Desktop\OTL.exe
MOD - [2009/07/31 13:52:57 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\system32\sikonese.dll
MOD - [2009/07/31 13:47:38 | 00,075,264 | -HS- | M] () -- C:\WINDOWS\system32\tasurizo.dll
MOD - [2009/07/31 13:47:38 | 00,075,264 | -HS- | M] () -- C:\WINDOWS\system32\kedawubo.dll
MOD - [2008/04/13 20:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 20:12:07 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\tiptsf.dll
MOD - [2008/04/13 20:12:07 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\tipcomponentsps.dll
MOD - [2008/04/13 20:12:06 | 00,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\sptip.dll
MOD - [2008/04/13 20:12:01 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 20:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2008/04/13 20:11:58 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfp.dll
MOD - [2008/04/13 20:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008/04/13 13:39:24 | 02,897,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll
MOD - [2008/04/13 12:43:18 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\spgrmr.dll
MOD - [2007/10/19 13:19:10 | 00,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2002/08/29 03:41:08 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Journal\nbmaptip.dll


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {8F88CBFB-3201-4066-9EBA-6E838B957B5F}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/10/23 17:13:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ File not found
FF - HKLM\software\mozilla\Firefox\extensions\\{8F88CBFB-3201-4066-9EBA-6E838B957B5F}: C:\Documents and Settings\Reid Van Lehn\Local Settings\Application Data\{8F88CBFB-3201-4066-9EBA-6E838B957B5F}\ File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/28 14:37:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 14:37:34 | 00,000,000 | ---D | M]

[2009/10/03 21:28:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Mozilla\Firefox\Profiles\brb68okk.default\extensions\bug489729@alice0775
[2009/08/07 12:04:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Mozilla\Firefox\Profiles\brb68okk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/31 14:49:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Mozilla\Firefox\Profiles\brb68okk.default\extensions
[2009/01/21 11:48:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/21 11:48:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Mozilla\Extensions
[2009/01/21 11:48:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Mozilla\Extensions
[2009/01/21 11:48:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/31 14:49:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Mozilla\Firefox\Profiles\brb68okk.default\extensions
[2009/08/07 12:04:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Mozilla\Firefox\Profiles\brb68okk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/03 21:28:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Mozilla\Firefox\Profiles\brb68okk.default\extensions\bug489729@alice0775
[2008/10/23 17:14:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/10/28 14:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/31 14:49:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/31 14:49:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/28 14:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/10/23 17:14:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/10/28 14:37:21 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/28 14:37:21 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/10/23 17:13:37 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/10/28 14:37:26 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/03/26 11:56:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/03/26 11:56:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/03/26 11:56:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/03/26 11:56:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/03/26 11:56:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/03/26 11:56:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/03/26 11:56:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/08/19 13:39:17 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/19 13:39:17 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/19 13:39:17 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/19 13:39:17 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/19 13:39:17 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/29 16:45:45 | 00,001,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml
[2009/08/19 13:39:17 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/19 13:39:17 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (C:\WINDOWS\system32\k09ml5zd2.dll) - {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\k09ml5zd2.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [56169128] C:\Documents and Settings\All Users\Application Data\56169128\56169128.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL (Microsoft)
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Exiya] C:\WINDOWS\atojehuc.DLL (AGEIA Technologies, Inc.)
O4 - HKLM..\Run: [GzSnd] C:\Program Files\Gunze\GZTP_Pack\GzSnd.exe (GUNZE Limited)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes\mbam.exe File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [pigoweyege] C:\WINDOWS\System32\kedawubo.dll ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe File not found
O4 - HKLM..\Run: [setowuluw] C:\WINDOWS\System32\sikonese.DLL ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TabletTip] C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe File not found
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [Second Copy] C:\Program Files\SecCopy\SecCopy.exe (Centered Systems)
O4 - HKCU..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\Documents and Settings\Reid Van Lehn\Local Settings\Temp\win16.exe ()
O4 - Startup: C:\Documents and Settings\Reid Van Lehn\Start Menu\Programs\Startup\scandisk.dll (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 18.71.0.151 18.70.0.160 18.72.0.3
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\loginkey: DllName - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TabBtnWL: DllName - TabBtnWL.dll - C:\WINDOWS\System32\tabbtnwl.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tpgwlnotify: DllName - tpgwlnot.dll - C:\WINDOWS\System32\tpgwlnot.dll (Microsoft Corporation)
O21 - SSODL: holugihew - {fb611709-9e50-4c4a-9262-1bda140f2f9b} - C:\WINDOWS\system32\sikonese.dll ()
O22 - SharedTaskScheduler: {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - gsajkfh873whdngo8wuidgs4rgfr4 - C:\WINDOWS\system32\k09ml5zd2.dll ()
O22 - SharedTaskScheduler: {fb611709-9e50-4c4a-9262-1bda140f2f9b} - jugezatag - C:\WINDOWS\system32\sikonese.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (setuid) - C:\WINDOWS\System32\setuid.dll (March-Hare Software Ltd)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/22 15:45:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/31 13:42:52 | 00,000,026 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\##18.78.0.249#SW2007-8-XP\Shell - "" = AutoRun
O33 - MountPoints2\##18.78.0.249#SW2007-8-XP\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##18.78.0.249#SW2007-8-XP\Shell\AutoRun\command - "" = Z:\loader.exe -- File not found
O33 - MountPoints2\##18.78.0.249#SW2007-8-XP\Shell\langenglish\command - "" = Z:\setup\i386\msetup.exe -- File not found
O33 - MountPoints2\{694119c0-df5b-11dd-83d9-001dd949ad48}\Shell\AutoRun\command - "" = D:\MCTRAY.EXE -- [2008/04/13 20:12:38 | 00,046,080 | -H-- | M] (Microsoft Corporation)
O33 - MountPoints2\{70dedc22-e452-11dd-83db-001dd949ad48}\Shell - "" = AutoRun
O33 - MountPoints2\{70dedc22-e452-11dd-83db-001dd949ad48}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{70dedc22-e452-11dd-83db-001dd949ad48}\Shell\AutoRun\command - "" = D:\EMP_UDSe.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: BtwSrv - C:\WINDOWS\system32\BtwSrv.dll (FTD2XX Software Technology)
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\system32\NWCWov32.dll ()
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/31 15:18:24 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Reid Van Lehn\Desktop\OTL.exe
[2009/10/31 14:55:46 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/10/31 13:53:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\56169128
[2009/10/31 13:52:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Reid Van Lehn\Local Settings\Application Data\{8F88CBFB-3201-4066-9EBA-6E838B957B5F}
[2009/10/31 13:45:40 | 00,076,800 | ---- | C] (ImTOO Software Studio) -- C:\wiloifg.exe
[2009/10/31 13:24:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Malwarebytes
[2009/10/31 13:24:45 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/31 13:24:43 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/31 13:24:43 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2009/10/31 13:24:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/30 21:02:04 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2009/10/30 16:35:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Reid Van Lehn\Desktop\avz4
[2009/10/30 15:18:45 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/10/30 10:27:10 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Reid Van Lehn\Desktop\OTS.COM
[2009/10/30 10:25:29 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/10/29 16:47:51 | 00,309,212 | ---- | C] (Andreas Hausladen) -- C:\WINDOWS\sv1.exe
[2009/10/29 16:11:19 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Windows System Defender
[2009/10/29 16:11:12 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\WSDDSys
[2009/10/29 16:10:52 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\dbf2e4c
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/10/31 15:24:25 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\birotasa
[2009/10/31 13:52:37 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Cfive.dat
[2009/10/31 13:52:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Mwonocu.bin
[2009/10/31 13:48:52 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
[2009/10/31 13:48:50 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\k09ml5zd2.dll
[2009/10/31 13:48:49 | 00,041,984 | ---- | M] () -- C:\ohqy.exe
[2009/10/31 13:47:36 | 00,075,264 | ---- | M] () -- C:\teoxn.exe
[2009/10/31 13:47:11 | 00,000,655 | -HS- | M] () -- C:\Documents and Settings\Reid Van Lehn\Start Menu\Programs\Startup\scandisk.lnk
[2009/10/31 13:47:09 | 00,051,200 | ---- | M] () -- C:\ppdror.exe
[2009/10/31 13:46:58 | 00,076,800 | ---- | M] (ImTOO Software Studio) -- C:\wiloifg.exe
[2009/10/31 13:46:47 | 00,265,690 | ---- | M] () -- C:\WINDOWS\sv2.exe
[2009/10/31 13:46:40 | 00,309,212 | ---- | M] (Andreas Hausladen) -- C:\WINDOWS\sv1.exe
[2009/10/31 13:46:16 | 01,168,896 | ---- | M] () -- C:\WINDOWS\svchust.exe
[2009/10/31 13:46:09 | 00,037,888 | ---- | M] () -- C:\xrmqvm.exe
[2009/10/31 13:45:17 | 01,169,920 | ---- | M] () -- C:\WINDOWS\svchost.exe
[2009/10/31 13:45:04 | 00,885,248 | ---- | M] () -- C:\WINDOWS\isvchost.exe
[2009/10/31 13:42:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/31 13:42:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/31 13:41:18 | 06,815,744 | -H-- | M] () -- C:\Documents and Settings\Reid Van Lehn\NTUSER.DAT
[2009/10/31 13:40:54 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Reid Van Lehn\ntuser.ini
[2009/10/31 13:24:47 | 00,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/31 13:15:34 | 00,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzi5nzg0.sys
[2009/10/31 12:26:44 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Reid Van Lehn\Desktop\OTS.COM
[2009/10/31 12:26:30 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Reid Van Lehn\Desktop\OTL.exe
[2009/10/30 21:02:00 | 03,430,299 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\baladf.exe
[2009/10/30 20:30:22 | 00,000,108 | ---- | M] () -- C:\WINDOWS\System32\6502921.BAT
[2009/10/30 20:30:12 | 00,133,632 | ---- | M] () -- C:\WINDOWS\SC.INS
[2009/10/30 18:06:54 | 03,430,299 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\ComboFix.com
[2009/10/30 15:31:21 | 03,427,862 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\Gotcha.exe
[2009/10/30 15:17:13 | 00,471,876 | ---- | M] () -- C:\zip.exe
[2009/10/30 15:17:13 | 00,019,286 | ---- | M] () -- C:\cleanup.exe
[2009/10/30 15:17:13 | 00,000,574 | ---- | M] () -- C:\cleanup.bat
[2009/10/30 15:15:23 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\avenger.zip
[2009/10/30 14:48:16 | 00,000,827 | ---- | M] () -- C:\WINDOWS\System32\wininit.dll
[2009/10/30 14:44:11 | 03,427,862 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\blah.exe
[2009/10/30 14:20:01 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\RootRepeal.zip
[2009/10/30 14:15:11 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\settings.dat
[2009/10/30 14:04:36 | 00,067,584 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\Win32kDiag.exe
[2009/10/30 10:25:48 | 00,000,439 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/30 10:12:20 | 00,544,256 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\afeasf.exe
[2009/10/30 10:10:07 | 00,000,106 | ---- | M] () -- C:\cikfj56ri108.bat
[2009/10/30 10:10:02 | 00,000,110 | ---- | M] () -- C:\WINDOWS\System32\57305281.BAT
[2009/10/29 16:57:43 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\TFC.exe
[2009/10/29 16:45:42 | 00,001,777 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\Windows System Defender.lnk
[2009/10/29 16:45:34 | 00,000,734 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/29 16:35:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/29 16:11:29 | 00,000,110 | ---- | M] () -- C:\WINDOWS\System32\92185796.BAT
[2009/10/28 17:28:54 | 00,000,466 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2009/10/26 23:18:02 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/25 17:52:38 | 01,079,598 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\IsinglikeModel Sept-10-2009 v2.pdf
[2009/10/22 14:24:33 | 36,666,828 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\hood_tobacco_aesop.zip
[2009/10/18 15:20:36 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\Comments.doc
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/31 14:55:40 | 03,430,299 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\ComboFix.com
[2009/10/31 13:52:37 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Cfive.dat
[2009/10/31 13:52:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Mwonocu.bin
[2009/10/31 13:48:52 | 00,000,046 | ---- | C] () -- C:\p2hhr.bat
[2009/10/31 13:48:50 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\k09ml5zd2.dll
[2009/10/31 13:47:23 | 00,075,264 | ---- | C] () -- C:\teoxn.exe
[2009/10/31 13:47:02 | 00,051,200 | ---- | C] () -- C:\ppdror.exe
[2009/10/31 13:46:13 | 00,041,984 | ---- | C] () -- C:\ohqy.exe
[2009/10/31 13:46:06 | 01,168,896 | ---- | C] () -- C:\WINDOWS\svchust.exe
[2009/10/31 13:45:36 | 00,037,888 | ---- | C] () -- C:\xrmqvm.exe
[2009/10/31 13:45:07 | 01,169,920 | ---- | C] () -- C:\WINDOWS\svchost.exe
[2009/10/31 13:24:47 | 00,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/30 21:01:59 | 03,430,299 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\baladf.exe
[2009/10/30 20:53:47 | 00,885,248 | ---- | C] () -- C:\WINDOWS\isvchost.exe
[2009/10/30 20:32:45 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzi5nzg0.sys
[2009/10/30 20:30:22 | 00,000,108 | ---- | C] () -- C:\WINDOWS\System32\6502921.BAT
[2009/10/30 15:31:20 | 03,427,862 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\Gotcha.exe
[2009/10/30 15:17:13 | 00,471,876 | ---- | C] () -- C:\zip.exe
[2009/10/30 15:17:13 | 00,019,286 | ---- | C] () -- C:\cleanup.exe
[2009/10/30 15:17:13 | 00,000,574 | ---- | C] () -- C:\cleanup.bat
[2009/10/30 15:15:58 | 00,752,640 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\avenger.exe
[2009/10/30 15:15:02 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\avenger.zip
[2009/10/30 14:48:16 | 00,000,827 | ---- | C] () -- C:\WINDOWS\System32\wininit.dll
[2009/10/30 14:43:52 | 03,427,862 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\blah.exe
[2009/10/30 14:15:11 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\settings.dat
[2009/10/30 14:15:02 | 00,493,568 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\RootRepeal.exe
[2009/10/30 14:14:45 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\RootRepeal.zip
[2009/10/30 14:04:35 | 00,067,584 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\Win32kDiag.exe
[2009/10/30 10:12:19 | 00,544,256 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\afeasf.exe
[2009/10/30 10:10:07 | 00,000,106 | ---- | C] () -- C:\cikfj56ri108.bat
[2009/10/30 10:10:02 | 00,000,110 | ---- | C] () -- C:\WINDOWS\System32\57305281.BAT
[2009/10/30 10:09:59 | 00,133,632 | ---- | C] () -- C:\WINDOWS\SC.INS
[2009/10/29 16:57:42 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\TFC.exe
[2009/10/29 16:47:58 | 00,265,690 | ---- | C] () -- C:\WINDOWS\sv2.exe
[2009/10/29 16:12:22 | 00,001,777 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\Windows System Defender.lnk
[2009/10/29 16:11:29 | 00,000,110 | ---- | C] () -- C:\WINDOWS\System32\92185796.BAT
[2009/10/26 23:17:54 | 00,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/25 17:52:29 | 01,079,598 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\IsinglikeModel Sept-10-2009 v2.pdf
[2009/10/22 14:17:09 | 36,666,828 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\hood_tobacco_aesop.zip
[2009/10/18 14:37:33 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\Comments.doc
[2009/09/30 12:14:57 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Local Settings\Application Data\PUTTY.RND
[2009/08/23 15:58:16 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/08/23 15:58:16 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/08/23 15:58:16 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/07/31 13:52:57 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\sikonese.dll
[2009/07/31 13:52:57 | 00,000,003 | -HS- | C] () -- C:\WINDOWS\System32\tijevufi.dll
[2009/07/31 13:47:38 | 00,075,264 | -HS- | C] () -- C:\WINDOWS\System32\tasurizo.dll
[2009/07/31 13:47:38 | 00,075,264 | -HS- | C] () -- C:\WINDOWS\System32\kedawubo.dll
[2009/07/31 13:47:38 | 00,075,264 | -HS- | C] () -- C:\WINDOWS\System32\jaharati.dll
[2009/07/09 22:51:22 | 00,004,924 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda
[2009/06/19 11:38:14 | 00,000,466 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/06/19 11:38:14 | 00,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/04/22 16:55:54 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ltserial.dll
[2009/04/04 20:33:24 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/12 02:56:25 | 00,059,500 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/10/31 00:16:33 | 00,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2008/10/23 02:29:31 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/23 00:01:58 | 00,065,024 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/22 22:29:44 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/10/22 20:04:40 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/10/22 19:30:48 | 00,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/10/22 19:30:47 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/10/22 19:30:47 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/10/22 19:24:22 | 00,106,496 | ---- | C] () -- C:\WINDOWS\stkbtnpn.dll
[2008/10/22 19:16:11 | 01,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008/10/22 19:16:10 | 01,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008/10/22 19:16:10 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/10/22 19:16:10 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/10/22 18:58:17 | 00,033,744 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/22 18:41:36 | 04,813,200 | -H-- | C] () -- C:\Documents and Settings\Reid Van Lehn\Local Settings\Application Data\IconCache.db
[2008/10/22 15:51:27 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Local Settings\Application Data\fusioncache.dat
[2008/10/22 15:50:58 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Reid Van Lehn\Application Data\desktop.ini
[2008/10/22 10:21:08 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/10/11 18:59:24 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/09/20 06:33:52 | 03,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/09/20 06:33:52 | 00,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/09/20 06:33:52 | 00,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/20 06:33:52 | 00,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/09/20 06:33:52 | 00,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/09/20 06:33:52 | 00,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/09/20 06:33:52 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/09/20 06:33:52 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/09/20 06:33:52 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/09/20 06:33:52 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/09/20 06:33:52 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/09/20 06:33:52 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/09/20 06:33:52 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/09/20 06:33:52 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/09/20 06:33:52 | 00,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/09/20 06:33:52 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/09/20 06:33:52 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/09/20 06:33:52 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/09/20 06:33:52 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/09/20 06:33:52 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/02/19 04:12:19 | 00,076,800 | ---- | C] () -- C:\WINDOWS\uine4nt.dll
[2006/08/28 13:48:08 | 01,490,999 | ---- | C] () -- C:\WINDOWS\System32\tkbtnpn1.dll
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/01/17 16:10:16 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2004/08/09 16:00:42 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2004/08/04 00:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 00:00:00 | 00,000,439 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/03 19:56:44 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\NWCWov32.dll
[2004/08/03 19:56:44 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Irmonv32.dll
[2004/08/03 19:56:44 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Ipripv32.dll
[2004/08/03 19:56:44 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\isapeep.sys
[2004/08/03 19:56:44 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\daqdrv.sys
[2003/07/03 01:25:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll

========== LOP Check ==========

[2009/10/31 13:53:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\56169128
[2009/06/19 17:07:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aspell
[2008/10/22 19:30:48 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2009/06/19 11:38:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2009/10/29 16:12:21 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\dbf2e4c
[2009/06/23 19:35:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/10/22 18:50:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/03/12 02:53:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2008/10/24 09:52:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mathematica
[2009/06/19 17:23:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MiKTeX
[2008/10/22 23:08:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VanDyke
[2009/10/29 16:11:12 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\WSDDSys
[2009/04/10 22:37:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\AccurateRip
[2009/09/23 13:40:01 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Brother
[2009/10/28 16:51:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\codeblocks
[2009/05/09 18:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\dvdcss
[2008/11/18 20:49:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\fltk.org
[2009/10/29 02:26:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\foobar2000
[2009/01/28 16:15:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\gambatte
[2009/02/14 20:59:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Hamachi
[2008/10/22 18:51:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Intel
[2009/06/21 00:18:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\lyx16
[2008/10/24 09:52:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Mathematica
[2009/04/06 00:24:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\MathWorks
[2008/11/06 10:25:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\MixMeister Technology
[2009/06/23 11:16:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Move Networks
[2009/10/04 23:29:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\QuosaDDM
[2009/02/23 22:20:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\RasWin
[2008/12/09 00:31:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\SolidWorks
[2009/10/11 13:06:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\StreamTorrent
[2009/08/02 01:44:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\U3
[2009/06/23 12:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\UltraVNC
[2009/10/29 16:01:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\uTorrent
[2008/10/22 23:08:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\VanDyke
[2009/10/29 16:13:11 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Windows System Defender
[2004/08/04 00:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/31 13:42:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/10/30 15:17:13 | 00,019,286 | ---- | M] () -- C:\cleanup.exe
[2009/10/31 13:48:49 | 00,041,984 | ---- | M] () -- C:\ohqy.exe
[2009/10/31 13:47:09 | 00,051,200 | ---- | M] () -- C:\ppdror.exe
[2009/10/31 13:48:44 | 00,212,992 | ---- | M] (Microsoft Corporation) -- C:\qwwuspsh.exe
[2009/10/31 13:47:36 | 00,075,264 | ---- | M] () -- C:\teoxn.exe
[2009/10/31 13:46:58 | 00,076,800 | ---- | M] (ImTOO Software Studio) -- C:\wiloifg.exe
[2009/10/31 13:46:09 | 00,037,888 | ---- | M] () -- C:\xrmqvm.exe
[2009/10/30 15:17:13 | 00,471,876 | ---- | M] () -- C:\zip.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
[17 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[17 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

< %systemroot%\system32\drivers\iaStor.sys >

< %systemroot%\System32\drivers\nvstor.sys >

< %systemroot%\system32\drivers\atapi.sys >
[2008/04/13 14:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys

< %systemroot%\system32\drivers\IdeChnDr.sys >
< End of report >
Go to the top of the page
 
+Quote Post
Essexboy
post Oct 31 2009, 01:59 PM
Post #22


GeekU Moderator
Group Icon
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7
Yes please enumerate the problems for me. This is a large fix - lets see how this runs

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    PRC - [2009/10/31 13:49:07 | 00,190,714 | -H-- | M] () -- C:\WINDOWS\Temp\win32.exe
    PRC - [2009/10/31 13:49:06 | 00,190,714 | -H-- | M] () -- C:\WINDOWS\Temp\notepad.exe
    PRC - [2009/10/31 13:49:06 | 00,190,714 | -H-- | M] () -- C:\WINDOWS\Temp\login.exe
    PRC - [2009/10/31 13:48:55 | 00,190,714 | -H-- | M] () -- C:\WINDOWS\Temp\install.exe
    PRC - [2009/10/31 13:48:55 | 00,190,714 | -H-- | M] () -- C:\WINDOWS\Temp\cmd.exe
    PRC - [2009/10/31 13:48:50 | 00,015,001 | -H-- | M] () -- C:\WINDOWS\Temp\u7ibbm8i.exe
    PRC - [2009/10/31 13:46:16 | 01,168,896 | ---- | M] () -- C:\WINDOWS\svchust.exe
    PRC - [2009/10/31 13:46:09 | 00,037,888 | ---- | M] () -- c:\xrmqvm.exe
    PRC - 692 -- C:\WINDOWS\svchost.exe
    PRC - [2009/10/31 13:44:53 | 00,018,944 | ---- | M] () -- C:\WINDOWS\system32\3.tmp
    PRC - [2009/10/31 14:49:51 | 00,190,714 | -H-- | M] () -- C:\Documents and Settings\Reid Van Lehn\Local Settings\Temp\win16.exe
    PRC - [2009/10/31 14:49:49 | 00,190,714 | -H-- | M] () -- C:\Documents and Settings\Reid Van Lehn\Local Settings\Temp\lsass.exe
    PRC - [2009/10/31 14:49:49 | 00,190,714 | -H-- | M] () -- C:\Documents and Settings\Reid Van Lehn\Local Settings\Temp\debug.exe
    PRC - [2004/08/04 00:00:00 | 00,061,440 | ---- | M] (yqwn vc ailebsgkswup) -- C:\WINDOWS\system32\lsm32.sys
    PRC - [2003/07/03 01:25:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
    SRV - [2009/10/31 13:46:16 | 01,168,896 | ---- | M] () -- C:\WINDOWS\svchust.exe
    SRV - [2009/10/31 13:45:17 | 01,169,920 | ---- | M] () -- C:\WINDOWS\svchost.exe
    SRV - [2008/04/13 20:11:56 | 00,061,440 | ---- | M] () -- C:\WINDOWS\system32\NWCWov32.dll
    SRV - [2004/08/04 00:00:00 | 00,012,082 | ---- | M] () -- C:\WINDOWS\system32\rsvp.ini
    MOD - [2009/10/31 13:48:50 | 00,015,000 | ---- | M] () -- C:\WINDOWS\system32\k09ml5zd2.dll
    MOD - [2009/07/31 13:52:57 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\system32\sikonese.dll
    MOD - [2009/07/31 13:47:38 | 00,075,264 | -HS- | M] () -- C:\WINDOWS\system32\tasurizo.dll
    MOD - [2009/07/31 13:47:38 | 00,075,264 | -HS- | M] () -- C:\WINDOWS\system32\kedawubo.dll
    O2 - BHO: (C:\WINDOWS\system32\k09ml5zd2.dll) - {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\k09ml5zd2.dll ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [56169128] C:\Documents and Settings\All Users\Application Data\56169128\56169128.exe ()
    O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL (Microsoft)
    O4 - HKLM..\Run: [Exiya] C:\WINDOWS\atojehuc.DLL (AGEIA Technologies, Inc.)
    O4 - HKLM..\Run: [pigoweyege] C:\WINDOWS\System32\kedawubo.dll ()
    O4 - HKLM..\Run: [setowuluw] C:\WINDOWS\System32\sikonese.DLL ()
    O4 - HKCU..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\Documents and Settings\Reid Van Lehn\Local Settings\Temp\win16.exe ()
    O4 - Startup: C:\Documents and Settings\Reid Van Lehn\Start Menu\Programs\Startup\scandisk.dll (Microsoft)
    O20 - Winlogon\Notify\crypt32chain: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O21 - SSODL: holugihew - {fb611709-9e50-4c4a-9262-1bda140f2f9b} - C:\WINDOWS\system32\sikonese.dll ()
    O22 - SharedTaskScheduler: {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - gsajkfh873whdngo8wuidgs4rgfr4 - C:\WINDOWS\system32\k09ml5zd2.dll ()
    O22 - SharedTaskScheduler: {fb611709-9e50-4c4a-9262-1bda140f2f9b} - jugezatag - C:\WINDOWS\system32\sikonese.dll ()
    O33 - MountPoints2\##18.78.0.249#SW2007-8-XP\Shell - "" = AutoRun
    O33 - MountPoints2\##18.78.0.249#SW2007-8-XP\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\##18.78.0.249#SW2007-8-XP\Shell\AutoRun\command - "" = Z:\loader.exe -- File not found
    O33 - MountPoints2\##18.78.0.249#SW2007-8-XP\Shell\langenglish\command - "" = Z:\setup\i386\msetup.exe -- File not found
    O33 - MountPoints2\{694119c0-df5b-11dd-83d9-001dd949ad48}\Shell\AutoRun\command - "" = D:\MCTRAY.EXE -- [2008/04/13 20:12:38 | 00,046,080 | -H-- | M] (Microsoft Corporation)
    O33 - MountPoints2\{70dedc22-e452-11dd-83db-001dd949ad48}\Shell - "" = AutoRun
    O33 - MountPoints2\{70dedc22-e452-11dd-83db-001dd949ad48}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{70dedc22-e452-11dd-83db-001dd949ad48}\Shell\AutoRun\command - "" = D:\EMP_UDSe.exe -- File not found
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
    NetSvcs: NWCWorkstation - C:\WINDOWS\system32\NWCWov32.dll ()
    [2009/10/31 13:53:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\56169128
    [2009/10/30 21:02:04 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
    [2009/10/31 15:24:25 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\birotasa
    [2009/10/31 13:52:37 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Cfive.dat
    [2009/10/31 13:52:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Mwonocu.bin
    [2009/10/31 13:48:52 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
    [2009/10/31 13:48:50 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\k09ml5zd2.dll
    [2009/10/31 13:48:49 | 00,041,984 | ---- | M] () -- C:\ohqy.exe
    [2009/10/31 13:47:36 | 00,075,264 | ---- | M] () -- C:\teoxn.exe
    [2009/10/31 13:47:11 | 00,000,655 | -HS- | M] () -- C:\Documents and Settings\Reid Van Lehn\Start Menu\Programs\Startup\scandisk.lnk
    [2009/10/31 13:47:09 | 00,051,200 | ---- | M] () -- C:\ppdror.exe
    [2009/10/31 13:46:47 | 00,265,690 | ---- | M] () -- C:\WINDOWS\sv2.exe
    [2009/10/31 13:46:40 | 00,309,212 | ---- | M] (Andreas Hausladen) -- C:\WINDOWS\sv1.exe
    [2009/10/31 13:46:16 | 01,168,896 | ---- | M] () -- C:\WINDOWS\svchust.exe
    [2009/10/31 13:46:09 | 00,037,888 | ---- | M] () -- C:\xrmqvm.exe
    [2009/10/31 13:45:17 | 01,169,920 | ---- | M] () -- C:\WINDOWS\svchost.exe
    [2009/10/31 13:45:04 | 00,885,248 | ---- | M] () -- C:\WINDOWS\isvchost.exe
    [2009/10/31 13:15:34 | 00,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzi5nzg0.sys
    [2009/10/30 21:02:00 | 03,430,299 | ---- | M] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\baladf.exe
    [2009/10/30 20:30:22 | 00,000,108 | ---- | M] () -- C:\WINDOWS\System32\6502921.BAT
    [2009/10/30 10:10:07 | 00,000,106 | ---- | M] () -- C:\cikfj56ri108.bat
    [2009/10/30 10:10:02 | 00,000,110 | ---- | M] () -- C:\WINDOWS\System32\57305281.BAT
    [2009/10/29 16:11:29 | 00,000,110 | ---- | M] () -- C:\WINDOWS\System32\92185796.BAT
    [2009/10/31 13:52:37 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Cfive.dat
    [2009/10/31 13:52:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Mwonocu.bin
    [2009/10/31 13:48:52 | 00,000,046 | ---- | C] () -- C:\p2hhr.bat
    [2009/10/31 13:48:50 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\k09ml5zd2.dll
    [2009/10/31 13:47:23 | 00,075,264 | ---- | C] () -- C:\teoxn.exe
    [2009/10/31 13:47:02 | 00,051,200 | ---- | C] () -- C:\ppdror.exe
    [2009/10/31 13:46:13 | 00,041,984 | ---- | C] () -- C:\ohqy.exe
    [2009/10/31 13:46:06 | 01,168,896 | ---- | C] () -- C:\WINDOWS\svchust.exe
    [2009/10/31 13:45:36 | 00,037,888 | ---- | C] () -- C:\xrmqvm.exe
    [2009/10/31 13:45:07 | 01,169,920 | ---- | C] () -- C:\WINDOWS\svchost.exe
    [2009/10/30 21:01:59 | 03,430,299 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\baladf.exe
    [2009/10/30 20:53:47 | 00,885,248 | ---- | C] () -- C:\WINDOWS\isvchost.exe
    [2009/10/30 20:32:45 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzi5nzg0.sys
    [2009/10/30 20:30:22 | 00,000,108 | ---- | C] () -- C:\WINDOWS\System32\6502921.BAT
    [2009/10/30 10:10:07 | 00,000,106 | ---- | C] () -- C:\cikfj56ri108.bat
    [2009/10/30 10:10:02 | 00,000,110 | ---- | C] () -- C:\WINDOWS\System32\57305281.BAT
    [2009/10/30 10:09:59 | 00,133,632 | ---- | C] () -- C:\WINDOWS\SC.INS
    [2009/10/29 16:12:22 | 00,001,777 | ---- | C] () -- C:\Documents and Settings\Reid Van Lehn\Desktop\Windows System Defender.lnk
    [2009/10/29 16:11:29 | 00,000,110 | ---- | C] () -- C:\WINDOWS\System32\92185796.BAT
    [2009/08/23 15:58:16 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2009/08/23 15:58:16 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2009/08/23 15:58:16 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2009/07/31 13:52:57 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\sikonese.dll
    [2009/07/31 13:52:57 | 00,000,003 | -HS- | C] () -- C:\WINDOWS\System32\tijevufi.dll
    [2009/07/31 13:47:38 | 00,075,264 | -HS- | C] () -- C:\WINDOWS\System32\tasurizo.dll
    [2009/07/31 13:47:38 | 00,075,264 | -HS- | C] () -- C:\WINDOWS\System32\kedawubo.dll
    [2009/07/31 13:47:38 | 00,075,264 | -HS- | C] () -- C:\WINDOWS\System32\jaharati.dll
    [2009/07/09 22:51:22 | 00,004,924 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda
    [2009/06/19 11:38:14 | 00,000,466 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2009/06/19 11:38:14 | 00,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2009/10/29 16:12:21 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\dbf2e4c
    [2009/10/29 16:13:11 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\Reid Van Lehn\Application Data\Windows System Defender
    [2009/10/30 15:17:13 | 00,019,286 | ---- | M] () -- C:\cleanup.exe
    [2009/10/31 13:48:49 | 00,041,984 | ---- | M] () -- C:\ohqy.exe
    [2009/10/31 13:47:09 | 00,051,200 | ---- | M] () -- C:\ppdror.exe
    [2009/10/31 13:48:44 | 00,212,992 | ---- | M] (Microsoft Corporation) -- C:\qwwuspsh.exe
    [2009/10/31 13:47:36 | 00,075,264 | ---- | M] () -- C:\teoxn.exe
    [2009/10/31 13:46:09 | 00,037,888 | ---- | M] () -- C:\xrmqvm.exe
    [2009/10/30 15:17:13 | 00,471,876 | ---- | M] () -- C:\zip.exe

    :Files
    C:\Documents and Settings\All Users\Application Data\56169128

    :Commands
    [purity]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
Go to the top of the page
 
+Quote Post
strohmen
post Oct 31 2009, 06:49 PM
Post #23


Member
**
Posts: 14
OS: Windows XP Tablet Edition
OK, so new stuff:

After running the OTL fix you suggested, I restarted. A new program called "Security Tool" booted with windows and started running scans. I tried to close it. It first blocked internet access to Firefox when I tried to start it, then would not let me launch OTL because it claims it is infected with Lsas.Blaster.Keyloger. Thus I do not have a new log to post.

I'm getting tempted to reinstall my OS as it seems that this infection is really complicated and I don't want to take up too much more of your time. If I were to reinstall, is it completely unsafe to copy any files, or is there a safe way to copy some of the files that have chagned since my last back up (which was a few days ago).

Thank you!
Go to the top of the page
 
+Quote Post
Essexboy
post Nov 1 2009, 05:10 AM
Post #24


GeekU Moderator
Group Icon
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7
If you wish to re-install that is an option - we have a tutorial here You can back up any documents. images etc but I would recommend that you do not back up any executable files

Let me know how you would like to proceed

Go to the top of the page
 
+Quote Post
strohmen
post Nov 1 2009, 11:37 AM
Post #25


Member
**
Posts: 14
OS: Windows XP Tablet Edition
OK, I think I will just go ahead and reinstall the OS. The tutorial looks pretty straight forward so I think I will be ok. I have backed up recently so I will only copy over non-executable documents that I have modified since my last back up.

Thank you very much for all of your help in this process! I will be happy to make a donation as soon as my credit cards are available to me again smile.gif
Go to the top of the page
 
+Quote Post
Essexboy
post Nov 1 2009, 11:43 AM
Post #26


GeekU Moderator
Group Icon
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7
That is not a problem as long as the final result is that you are happy

Keep safe now wavey.gif
Go to the top of the page
 
+Quote Post
Essexboy
post Nov 6 2009, 04:00 PM
Post #27


GeekU Moderator
Group Icon
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. smile.gif

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
Go to the top of the page
 
+Quote Post
 

2 Pages V  < 1 2
Closed TopicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 
RSS Time is now: 20th November 2009 - 09:05 PM

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks mentioned on this page are the property of their respective owners.

© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising
Powered By IP.Board © 2009  IPS, Inc.