How do I get rid of this C:\Windows/System32/Services.exe Virus

(In Progress)

mgoblue10 (thread starter)
Member with 5 posts.
Join Date: Sep 2012
Experience: Beginner
03-Sep-2012, 09:27 AM #1
Hello,

I have Avast antimalware right now. I used to have Microsoft Security Essentials, but I cannot download and open that service anymore due to this virus. I cannot open Windows Firewall (I get the error code 0x8007042), Windows will not update, and iTunes will not connect to the store or update either; that's how I knew something was wrong initially.
When Avast found these infected files, it could not move them to the chest, repair or delete them no matter what I did. These are the files that won't delete:
C:\Windows\System32\Services.exe Win32:Patched-AKC [Trj]
C:\Windows\assembly\GAC_32\Desktop.ini Win32:Sirefef-PL [Rtk]
C:\Windows\System32\Services.exe Win32:Patched-AKC [Trj]

Blade81 (authorized to help remove malware)
Malware Removal Specialist with 904 posts.
Join Date: Oct 2006
Location: Finland
Experience: Advanced
10-Sep-2012, 03:39 AM #2
Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, please do the following.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

mgoblue10 (thread starter)
16-Sep-2012, 03:37 PM #3
It's OK, no problem. I am happy for the help with this very frustrating virus.
Here are the logs.

Blade81
17-Sep-2012, 02:21 AM #4
Hi,

LimeWire

The above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

mgoblue10 (thread starter)
19-Sep-2012, 12:28 AM #5
Next steps
Hello,

Thanks for getting back to me so fast. I had deleted LimeWire long ago and did not realize it was still on my computer. I followed your instructions and disabled Avast and ran ComboFix. As soon as ComboFix was done (it deleted a folder called basic scan), my Windows updater started up again. I hope that is a good sign. Here is the report/log from ComboFix:

ComboFix 12-09-18.07 - Brianne Gallon 09/18/2012 23:24:00.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.1945 [GMT -4:00]
Running from: c:\users\Brianne Gallon\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\59736b8ee716261350d89044c44ad54a_c
c:\programdata\BasicScan
c:\users\BRIANN~1\AppData\Local\Temp\nsl1601.tmp\System.dll
c:\users\Brianne Gallon\AppData\Local\Temp\nsl1601.tmp\System.dll
c:\users\Brianne Gallon\AppData\Roaming\inst.exe
c:\users\Brianne Gallon\GoToAssistDownloadHelper.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\@
c:\windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\L\00000004.@
c:\windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\L\1afb2d56
c:\windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\L\201d3dde
c:\windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\00000008.@
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache64\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))
.
.
2012-09-19 03:38 . 2012-09-19 03:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-19 03:38 . 2012-09-19 03:38 -------- d-----w- c:\users\jstauffer\AppData\Local\temp
2012-09-19 03:38 . 2012-09-19 03:38 -------- d-----w- c:\users\HP\AppData\Local\temp
2012-09-19 03:38 . 2012-09-19 03:38 -------- d-----w- c:\users\Granny\AppData\Local\temp
2012-09-19 03:38 . 2012-09-19 03:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-19 03:38 . 2012-09-19 03:38 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-09-19 03:38 . 2012-09-19 03:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-09-19 03:12 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-09-19 03:12 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-09-19 03:12 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-09-19 03:12 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-09-19 03:12 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-09-16 19:47 . 2012-09-16 19:47 -------- d-----w- c:\users\Brianne Gallon\AppData\Roaming\Xilisoft
2012-09-16 17:59 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-16 17:58 . 2012-09-16 17:58 -------- d-----w- c:\program files\iPod
2012-09-16 17:58 . 2012-09-16 17:59 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-16 17:58 . 2012-09-16 17:59 -------- d-----w- c:\program files\iTunes
2012-09-16 17:58 . 2012-09-16 17:59 -------- d-----w- c:\program files (x86)\iTunes
2012-09-07 23:13 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-07 23:13 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-07 23:13 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-07 23:13 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-07 23:13 . 2012-08-21 09:13 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-09-07 23:13 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-07 23:13 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-07 23:13 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-07 23:13 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-09-05 23:59 . 2012-06-22 11:38 177144 ----a-w- c:\windows\system32\mfevtps.exe
2012-09-05 23:17 . 2012-09-05 23:17 -------- d-----w- c:\users\Brianne Gallon\AppData\Local\Citrix
2012-09-05 00:16 . 2012-09-05 23:37 -------- d-----w- c:\programdata\PLAV
2012-09-05 00:16 . 2012-09-05 00:16 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2012-09-05 00:16 . 2012-09-05 23:51 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-09-03 13:53 . 2012-09-03 13:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-03 13:53 . 2012-09-03 13:53 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-02 22:54 . 2012-09-02 22:54 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-09-02 07:33 . 2012-09-02 07:33 328704 ----a-w- c:\windows\system32\services.exe.24403E6BA043BC6D
2012-09-02 07:26 . 2012-09-02 07:26 328704 ----a-w- c:\windows\system32\services.exe.B6E89061B1470347
2012-09-02 07:13 . 2012-09-02 07:13 328704 ----a-w- c:\windows\system32\services.exe.9C002E3990F4BDE3
2012-09-02 07:07 . 2012-09-02 07:07 328704 ----a-w- c:\windows\system32\services.exe.A328ADA0E9F2F6D0
2012-09-02 06:40 . 2012-09-02 06:40 328704 ----a-w- c:\windows\system32\services.exe.4623CE54A7104A0E
2012-09-02 06:36 . 2012-09-02 06:36 328704 ----a-w- c:\windows\system32\services.exe.7E10FD6BB45A7B32
2012-09-02 06:31 . 2012-09-02 06:31 328704 ----a-w- c:\windows\system32\services.exe.BE6A9202314D47FE
2012-09-02 06:27 . 2012-09-02 06:27 328704 ----a-w- c:\windows\system32\services.exe.F44E38FF253E53A4
2012-09-02 06:23 . 2012-09-02 06:23 328704 ----a-w- c:\windows\system32\services.exe.E88327A2605261BA
2012-08-29 00:54 . 2011-07-20 17:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-08-29 00:52 . 2012-08-29 00:53 -------- d-----w- c:\program files (x86)\Common Files\XCPCSync.OEM
2012-08-28 23:28 . 2012-08-28 23:28 -------- d-----w- c:\program files (x86)\Tiny Media Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 13:53 . 2012-05-18 13:47 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-03 13:53 . 2010-05-14 21:50 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 04:43 . 2010-03-22 19:47 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-28 05:49 . 2012-09-19 03:12 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86AD18C1-E94A-4776-86AC-EC6E38065EEA}\mpengine.dll
2012-08-21 17:01 . 2009-12-01 02:37 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2009-12-01 02:37 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-21 09:12 . 2012-07-09 02:06 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-14 23:57 . 2012-05-21 19:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 23:57 . 2011-08-15 22:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 12:41 . 2010-09-16 15:49 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-13 12:41 . 2010-09-16 15:49 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-07-13 12:41 . 2010-09-16 15:49 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-06-22 11:38 . 2012-06-22 11:38 335784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-06-22 11:36 . 2012-06-22 11:36 752672 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-06-22 11:34 . 2012-06-22 11:34 169320 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-07-22 18:20 . 2010-07-22 18:31 115331072 ----a-w- c:\program files\Samsung New PC Studio.msi
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-04 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
R1 kwbbqbrf;kwbbqbrf;c:\windows\system32\drivers\kwbbqbrf.sys [x]
R1 prgcomff;prgcomff;c:\windows\system32\drivers\prgcomff.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [2011-01-27 171128]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-03-31 227840]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-05-04 198528]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NAVx64\1008000.029\SYMNDISV.SYS [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-11-02 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-01 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [2011-03-15 912504]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120107.001\IDSvia64.sys [2011-08-23 488568]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-13 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-01-27 15928]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2012-02-25 265928]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-12-01 82816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 23:57]
.
2012-09-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-07 09:12]
.
2012-09-19 c:\windows\Tasks\HPCeeScheduleForBrianne Gallon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-01-27 57928]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
z800bus
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.att.net
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
BHO-{9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files (x86)\Hot_MP3\tbHot_.dll
Toolbar-{9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files (x86)\Hot_MP3\tbHot_.dll
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-{06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)
Toolbar-10 - (no file)
WebBrowser-{9384BD4C-DD14-4BE9-80F7-F6277511E4F5} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-LimeWire - c:\users\Brianne Gallon\Music\LimeWire\uninstall.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d3,88,5c,07,52,bc,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0c\06\03\05\12\02["
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-09-19 00:17:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-19 04:17
.
Pre-Run: 59,582,717,952 bytes free
Post-Run: 60,900,847,616 bytes free
.
- - End Of File - - 30524A34EAB830BEAA07D862585E0217
Blade81 Blade81 is offline Blade81 is authorized to help remove malware.
Malware Removal Specialist with 904 posts.
 
Join Date: Oct 2006
Location: Finland
Experience: Advanced
19-Sep-2012, 01:06 AM #6
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
c:\windows\system32\services.exe.24403E6BA043BC6D
c:\windows\system32\services.exe.B6E89061B1470347
c:\windows\system32\services.exe.9C002E3990F4BDE3
c:\windows\system32\services.exe.A328ADA0E9F2F6D0
c:\windows\system32\services.exe.4623CE54A7104A0E
c:\windows\system32\services.exe.7E10FD6BB45A7B32
c:\windows\system32\services.exe.BE6A9202314D47FE
c:\windows\system32\services.exe.F44E38FF253E53A4
c:\windows\system32\services.exe.E88327A2605261BA

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.



Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.


Uninstall this old Java: Java(TM) 6 Update 35


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
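
The ComboFix listing earlier in this thread shows nine `services.exe.<16 hex digits>` files of identical size, the same files named in the CFScript above. As an added example (not part of the thread and not ComboFix's own code), this Python script parses listing lines in that format and groups such suffixed copies of system binaries; the regexes, function names and field names are assumptions made for illustration, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample lines copied from the ComboFix file listing posted in this thread.
SAMPLE_LOG = r"""
2012-09-05 23:59 . 2012-06-22 11:38 177144 ----a-w- c:\windows\system32\mfevtps.exe
2012-09-03 13:53 . 2012-09-03 13:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-02 07:33 . 2012-09-02 07:33 328704 ----a-w- c:\windows\system32\services.exe.24403E6BA043BC6D
2012-09-02 07:26 . 2012-09-02 07:26 328704 ----a-w- c:\windows\system32\services.exe.B6E89061B1470347
2012-09-02 06:23 . 2012-09-02 06:23 328704 ----a-w- c:\windows\system32\services.exe.E88327A2605261BA
2012-08-29 00:54 . 2011-07-20 17:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
"""

# Assumed layout, inferred from the log: two timestamps separated by " . ",
# a size (or eight dashes for a directory), an 8-character attribute field,
# then the path, which may contain spaces.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) (\S{8}) (.+)$"
)

# A binary name followed by an extra 16-hex-digit extension, as seen in the log.
SUFFIX_RE = re.compile(
    r"^(?P<base>.+\.(?:exe|dll|sys))\.(?P<tag>[0-9A-F]{16})$", re.IGNORECASE
)

TIME_FMT = "%Y-%m-%d %H:%M"


def parse_listing(text):
    """Turn listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        first, second, size, attrs, path = m.groups()
        entries.append({
            "first": datetime.strptime(first, TIME_FMT),
            "second": datetime.strptime(second, TIME_FMT),
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs.startswith("d"),
            "path": path,
        })
    return entries


def find_suffixed_copies(entries):
    """Group files named <binary>.<16 hex digits> by the binary they shadow."""
    clusters = defaultdict(list)
    for entry in entries:
        if entry["is_dir"]:
            continue
        m = SUFFIX_RE.match(entry["path"])
        if m:
            clusters[m.group("base").lower()].append(entry)
    return dict(clusters)


def summarize(clusters):
    """One row per shadowed binary: count, distinct sizes, and time window."""
    report = []
    for base, items in sorted(clusters.items()):
        times = [e["first"] for e in items]
        report.append({
            "base": base,
            "count": len(items),
            "sizes": sorted({e["size"] for e in items}),
            "earliest": min(times),
            "latest": max(times),
            "paths": [e["path"] for e in items],
        })
    return report


if __name__ == "__main__":
    for row in summarize(find_suffixed_copies(parse_listing(SAMPLE_LOG))):
        print(f"{row['base']}: {row['count']} suffixed copies, "
              f"sizes {row['sizes']}, {row['earliest']} to {row['latest']}")
        for path in row["paths"]:
            print("   ", path)
```

A cluster of same-size copies created minutes apart next to a core system binary is the pattern worth escalating to a helper; the script only reports and does not delete anything.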
mgoblue10 mgoblue10 is offline
Computer Specs
Member with 5 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Beginner
19-Sep-2012, 11:38 PM #7
Next steps 2
Hello and thanks again. Here are the logs; 3 are attached.

ESET
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz128A.tmp.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz1682.tmp.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz169A.tmp.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz18CA.tmp.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz18F2.tmp.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz191F.tmp.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz194F.tmp.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz19B1.tmp.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz19B2.tmp.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz19BF.tmp.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz1C2D.tmp.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz1D2A.tmp.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz1D87.tmp.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz1D8A.tmp.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz1DAA.tmp.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz1F7F.tmp.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2016.tmp.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2093.tmp.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz218.tmp.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2381.tmp.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz23C1.tmp.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz23FC.tmp.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz246A.tmp.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz24B7.tmp.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2591.tmp.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz25CA.tmp.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2885.tmp.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2A16.tmp.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2B56.tmp.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2B92.tmp.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2BA2.tmp.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2DE5.tmp.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2EF2.tmp.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz300.tmp.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz3040.tmp.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz314F.tmp.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz335F.tmp.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz348C.tmp.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz3495.tmp.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz34BB.tmp.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz34C5.tmp.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz3573.tmp.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz3583.tmp.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz35F5.tmp.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz3616.tmp.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz3622.tmp.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz3652.tmp.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz3691.tmp.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz3858.tmp.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan
C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSQDA3YP\favorites[1].htm HTML/ScrInject.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSQDA3YP\favorites[1].htm HTML/ScrInject.B.Gen virus
Blade81
20-Sep-2012, 01:09 AM #8
Hi,

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSQDA3YP\favorites[1].htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSQDA3YP\favorites[1].htm

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log. How's the system running?
mgoblue10
20-Sep-2012, 08:50 PM #9
My computer is running much better. I got my Windows Firewall turned back on too, which is great! I know this is a smaller issue, but I still cannot get my iTunes to connect to the store and update itself. Should I just uninstall and then reinstall it over again?

ComboFix 12-09-20.02 - Brianne Gallon 09/20/2012 19:24:06.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.1754 [GMT -4:00]
Running from: c:\users\Brianne Gallon\Desktop\ComboFix.exe
Command switches used :: c:\users\Brianne Gallon\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSQDA3YP\favorites[1].htm"
"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSQDA3YP\favorites[1].htm"
.
.
((((((((((((((((((((((((( Files Created from 2012-08-20 to 2012-09-20 )))))))))))))))))))))))))))))))
.
.
2012-09-20 23:36 . 2012-09-20 23:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-20 23:36 . 2012-09-20 23:36 -------- d-----w- c:\users\jstauffer\AppData\Local\temp
2012-09-20 23:36 . 2012-09-20 23:36 -------- d-----w- c:\users\HP\AppData\Local\temp
2012-09-20 23:36 . 2012-09-20 23:36 -------- d-----w- c:\users\Granny\AppData\Local\temp
2012-09-20 23:36 . 2012-09-20 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-20 23:36 . 2012-09-20 23:36 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-09-20 23:36 . 2012-09-20 23:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-09-20 00:02 . 2012-09-20 00:02 -------- d-----w- c:\program files (x86)\ESET
2012-09-19 23:07 . 2012-09-19 23:07 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86AD18C1-E94A-4776-86AC-EC6E38065EEA}\offreg.dll
2012-09-19 03:12 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86AD18C1-E94A-4776-86AC-EC6E38065EEA}\mpengine.dll
2012-09-19 03:12 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-09-19 03:12 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-09-19 03:12 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-09-19 03:12 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-09-19 03:12 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-09-16 19:47 . 2012-09-16 19:47 -------- d-----w- c:\users\Brianne Gallon\AppData\Roaming\Xilisoft
2012-09-16 17:59 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-16 17:58 . 2012-09-16 17:58 -------- d-----w- c:\program files\iPod
2012-09-16 17:58 . 2012-09-16 17:59 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-16 17:58 . 2012-09-16 17:59 -------- d-----w- c:\program files\iTunes
2012-09-16 17:58 . 2012-09-16 17:59 -------- d-----w- c:\program files (x86)\iTunes
2012-09-07 23:13 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-07 23:13 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-07 23:13 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-07 23:13 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-07 23:13 . 2012-08-21 09:13 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-09-07 23:13 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-07 23:13 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-07 23:13 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-07 23:13 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-09-05 23:59 . 2012-06-22 11:38 177144 ----a-w- c:\windows\system32\mfevtps.exe
2012-09-05 23:17 . 2012-09-05 23:17 -------- d-----w- c:\users\Brianne Gallon\AppData\Local\Citrix
2012-09-05 00:16 . 2012-09-05 23:37 -------- d-----w- c:\programdata\PLAV
2012-09-05 00:16 . 2012-09-05 00:16 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2012-09-05 00:16 . 2012-09-05 23:51 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-09-03 13:53 . 2012-09-03 13:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-03 13:53 . 2012-09-03 13:53 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-02 22:54 . 2012-09-02 22:54 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-08-29 00:54 . 2011-07-20 17:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-08-29 00:52 . 2012-08-29 00:53 -------- d-----w- c:\program files (x86)\Common Files\XCPCSync.OEM
2012-08-28 23:28 . 2012-08-28 23:28 -------- d-----w- c:\program files (x86)\Tiny Media Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-19 23:17 . 2012-05-21 19:15 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-19 23:17 . 2011-08-15 22:50 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-03 13:53 . 2012-05-18 13:47 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-03 13:53 . 2010-05-14 21:50 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 04:43 . 2010-03-22 19:47 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-21 17:01 . 2009-12-01 02:37 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2009-12-01 02:37 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-21 09:12 . 2012-07-09 02:06 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-13 12:41 . 2010-09-16 15:49 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-13 12:41 . 2010-09-16 15:49 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-07-13 12:41 . 2010-09-16 15:49 80800 ----a-w- c:\windows\system32\LMIinit.dll
2010-07-22 18:20 . 2010-07-22 18:31 115331072 ----a-w- c:\program files\Samsung New PC Studio.msi
.
.
((((((((((((((((((((((((((((( SnapShot_2012-09-19_23.46.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-06 08:32 . 2012-09-20 03:38 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-06 08:32 . 2012-09-19 23:24 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-06 08:32 . 2012-09-19 23:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-06 08:32 . 2012-09-20 03:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-20 03:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-19 23:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-19 22:57 524288 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-20 20:42 524288 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-19 22:57 3227648 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-20 20:42 3227648 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-20 20:42 12402688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-19 22:57 12402688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]
c:\program files (x86)\Hot_MP3\tbHot_.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files (x86)\Hot_MP3\tbHot_.dll" [BU]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-04 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
R1 kwbbqbrf;kwbbqbrf;c:\windows\system32\drivers\kwbbqbrf.sys [x]
R1 prgcomff;prgcomff;c:\windows\system32\drivers\prgcomff.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [2011-01-27 171128]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2012-02-25 265928]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 250288]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-03-31 227840]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-05-04 198528]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NAVx64\1008000.029\SYMNDISV.SYS [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-11-02 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-01 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [2011-03-15 912504]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120107.001\IDSvia64.sys [2011-08-23 488568]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-13 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-01-27 15928]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-12-01 82816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 23:17]
.
2012-09-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-07 09:12]
.
2012-09-19 c:\windows\Tasks\HPCeeScheduleForBrianne Gallon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-01-27 57928]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
z800bus
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.att.net
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-{06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d3,88,5c,07,52,bc,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0c\06\03\05\12\02["
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-20 19:40:34
ComboFix-quarantined-files.txt 2012-09-20 23:40
ComboFix2.txt 2012-09-19 23:51
ComboFix3.txt 2012-09-19 04:17
.
Pre-Run: 62,475,440,128 bytes free
Post-Run: 62,387,949,568 bytes free
.
- - End Of File - - 214BA21607726D5D8B06CFA58EED7DB1
Blade81
Malware Removal Specialist with 904 posts.
 
Join Date: Oct 2006
Location: Finland
Experience: Advanced
22-Sep-2012, 01:16 PM #10
Hi,

Quote:
i still cannot get my itunes to connect to the store and update itself should i just uninstall and then reinstall it over again?
Yes, please try to reinstall it.
Tags
avast!, hp pavillion dv7, windows 7, windows services.exe
