
How do I get rid of this C:\Windows/System32/Services.exe Virus

Discussion in 'Virus & Other Malware Removal' started by mgoblue10, Sep 3, 2012.

  1. mgoblue10

    mgoblue10 Thread Starter

    Joined:
    Sep 3, 2012
    Messages:
    5
    Hello :confused:,

    I have Avast antimalware right now. I used to have Microsoft Security Essentials, but I cannot download and open that service anymore due to this virus. I cannot open Windows Firewall (I get the error: 0x8007042 code), Windows will not update, and iTunes will not connect to the store or update either; that's how I knew something was wrong initially.
    When Avast found these infected files, it could not move them to the chest, repair or delete them no matter what I did. These are the files that won't delete:
    C:\Windows\System32\Services.exe Win32:patched-AKC[Trj]
    C:\Windows\assembly\GAC_32\Desktop.ini Win32:Sirefef-PL[Rtk]
    C:\Windows\System32\Services.exe Win32:patched-AKC[Trj]
     
  2. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    Sorry for the delayed response. Forums have been really busy. If you still need help with this, do the following, please.


    • Download DDS and save it to your desktop from here or here or here.
    • Disable any script blocker, and then double-click the dds file to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.
     
  3. mgoblue10

    mgoblue10 Thread Starter

    Joined:
    Sep 3, 2012
    Messages:
    5
    It's OK, no problem. I am happy for the help with this very frustrating virus.
    Here are the logs.
     

    Attached Files:

  4. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    LimeWire

    The above-listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others if present) P2P file sharing programs.


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
     
  5. mgoblue10

    mgoblue10 Thread Starter

    Joined:
    Sep 3, 2012
    Messages:
    5
    hello,

    Thanks for getting back to me so fast. I had deleted LimeWire long ago and did not realize it was still on my computer. I followed your instructions, disabled Avast and ran ComboFix. As soon as ComboFix was done (it deleted a folder called basic scan), my Windows updater started up again. I hope that is a good sign. Here is the report/log from ComboFix:

    ComboFix 12-09-18.07 - Brianne Gallon 09/18/2012 23:24:00.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.1945 [GMT -4:00]
    Running from: c:\users\Brianne Gallon\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\59736b8ee716261350d89044c44ad54a_c
    c:\programdata\BasicScan
    c:\users\BRIANN~1\AppData\Local\Temp\nsl1601.tmp\System.dll
    c:\users\Brianne Gallon\AppData\Local\Temp\nsl1601.tmp\System.dll
    c:\users\Brianne Gallon\AppData\Roaming\inst.exe
    c:\users\Brianne Gallon\GoToAssistDownloadHelper.exe
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\@
    c:\windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\L\00000004.@
    c:\windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\L\1afb2d56
    c:\windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\L\201d3dde
    c:\windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\00000008.@
    c:\windows\SwSys1.bmp
    c:\windows\SwSys2.bmp
    .
    Infected copy of c:\windows\system32\services.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache64\services.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-19 03:38 . 2012-09-19 03:38 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-09-19 03:38 . 2012-09-19 03:38 -------- d-----w- c:\users\jstauffer\AppData\Local\temp
    2012-09-19 03:38 . 2012-09-19 03:38 -------- d-----w- c:\users\HP\AppData\Local\temp
    2012-09-19 03:38 . 2012-09-19 03:38 -------- d-----w- c:\users\Granny\AppData\Local\temp
    2012-09-19 03:38 . 2012-09-19 03:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-19 03:38 . 2012-09-19 03:38 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2012-09-19 03:38 . 2012-09-19 03:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-09-19 03:12 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-09-19 03:12 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-09-19 03:12 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-09-19 03:12 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-09-19 03:12 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-09-16 19:47 . 2012-09-16 19:47 -------- d-----w- c:\users\Brianne Gallon\AppData\Roaming\Xilisoft
    2012-09-16 17:59 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-16 17:58 . 2012-09-16 17:58 -------- d-----w- c:\program files\iPod
    2012-09-16 17:58 . 2012-09-16 17:59 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-16 17:58 . 2012-09-16 17:59 -------- d-----w- c:\program files\iTunes
    2012-09-16 17:58 . 2012-09-16 17:59 -------- d-----w- c:\program files (x86)\iTunes
    2012-09-07 23:13 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-09-07 23:13 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-09-07 23:13 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-09-07 23:13 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-09-07 23:13 . 2012-08-21 09:13 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2012-09-07 23:13 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-09-07 23:13 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-09-07 23:13 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
    2012-09-07 23:13 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-09-05 23:59 . 2012-06-22 11:38 177144 ----a-w- c:\windows\system32\mfevtps.exe
    2012-09-05 23:17 . 2012-09-05 23:17 -------- d-----w- c:\users\Brianne Gallon\AppData\Local\Citrix
    2012-09-05 00:16 . 2012-09-05 23:37 -------- d-----w- c:\programdata\PLAV
    2012-09-05 00:16 . 2012-09-05 00:16 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
    2012-09-05 00:16 . 2012-09-05 23:51 -------- d-----w- c:\program files (x86)\ParetoLogic
    2012-09-03 13:53 . 2012-09-03 13:53 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-09-03 13:53 . 2012-09-03 13:53 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-02 22:54 . 2012-09-02 22:54 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    2012-09-02 07:33 . 2012-09-02 07:33 328704 ----a-w- c:\windows\system32\services.exe.24403E6BA043BC6D
    2012-09-02 07:26 . 2012-09-02 07:26 328704 ----a-w- c:\windows\system32\services.exe.B6E89061B1470347
    2012-09-02 07:13 . 2012-09-02 07:13 328704 ----a-w- c:\windows\system32\services.exe.9C002E3990F4BDE3
    2012-09-02 07:07 . 2012-09-02 07:07 328704 ----a-w- c:\windows\system32\services.exe.A328ADA0E9F2F6D0
    2012-09-02 06:40 . 2012-09-02 06:40 328704 ----a-w- c:\windows\system32\services.exe.4623CE54A7104A0E
    2012-09-02 06:36 . 2012-09-02 06:36 328704 ----a-w- c:\windows\system32\services.exe.7E10FD6BB45A7B32
    2012-09-02 06:31 . 2012-09-02 06:31 328704 ----a-w- c:\windows\system32\services.exe.BE6A9202314D47FE
    2012-09-02 06:27 . 2012-09-02 06:27 328704 ----a-w- c:\windows\system32\services.exe.F44E38FF253E53A4
    2012-09-02 06:23 . 2012-09-02 06:23 328704 ----a-w- c:\windows\system32\services.exe.E88327A2605261BA
    2012-08-29 00:54 . 2011-07-20 17:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
    2012-08-29 00:52 . 2012-08-29 00:53 -------- d-----w- c:\program files (x86)\Common Files\XCPCSync.OEM
    2012-08-28 23:28 . 2012-08-28 23:28 -------- d-----w- c:\program files (x86)\Tiny Media Player
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-03 13:53 . 2012-05-18 13:47 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-03 13:53 . 2010-05-14 21:50 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-31 04:43 . 2010-03-22 19:47 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-08-28 05:49 . 2012-09-19 03:12 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86AD18C1-E94A-4776-86AC-EC6E38065EEA}\mpengine.dll
    2012-08-21 17:01 . 2009-12-01 02:37 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 17:01 . 2009-12-01 02:37 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-08-21 09:12 . 2012-07-09 02:06 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-08-14 23:57 . 2012-05-21 19:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-14 23:57 . 2011-08-15 22:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-13 12:41 . 2010-09-16 15:49 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-07-13 12:41 . 2010-09-16 15:49 34720 ----a-w- c:\windows\system32\LMIport.dll
    2012-07-13 12:41 . 2010-09-16 15:49 80800 ----a-w- c:\windows\system32\LMIinit.dll
    2012-06-22 11:38 . 2012-06-22 11:38 335784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-06-22 11:36 . 2012-06-22 11:36 752672 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-06-22 11:34 . 2012-06-22 11:34 169320 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-07-22 18:20 . 2010-07-22 18:31 115331072 ----a-w- c:\program files\Samsung New PC Studio.msi
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-04 296056]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 2 (0x2)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "WallpaperStyle"= 2
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
    R1 kwbbqbrf;kwbbqbrf;c:\windows\system32\drivers\kwbbqbrf.sys [x]
    R1 prgcomff;prgcomff;c:\windows\system32\drivers\prgcomff.sys [x]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [2011-01-27 171128]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
    R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-03-31 227840]
    R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-05-04 198528]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NAVx64\1008000.029\SYMNDISV.SYS [x]
    R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-11-02 16392]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-01 55280]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS [2011-01-27 450680]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [2011-03-15 912504]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120107.001\IDSvia64.sys [2011-08-23 488568]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [2011-04-21 386168]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-13 375208]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-01-27 15928]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
    S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2012-02-25 265928]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-12-01 82816]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 23:57]
    .
    2012-09-07 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-07 09:12]
    .
    2012-09-19 c:\windows\Tasks\HPCeeScheduleForBrianne Gallon.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-01-27 57928]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    z800bus
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.att.net
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
    BHO-{9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files (x86)\Hot_MP3\tbHot_.dll
    Toolbar-{9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files (x86)\Hot_MP3\tbHot_.dll
    Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
    Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    Toolbar-{06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)
    Toolbar-10 - (no file)
    WebBrowser-{9384BD4C-DD14-4BE9-80F7-F6277511E4F5} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-LimeWire - c:\users\Brianne Gallon\Music\LimeWire\uninstall.exe
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
    "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:d3,88,5c,07,52,bc,cc,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\0c\06\03\05\12\02["
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-19 00:17:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-19 04:17
    .
    Pre-Run: 59,582,717,952 bytes free
    Post-Run: 60,900,847,616 bytes free
    .
    - - End Of File - - 30524A34EAB830BEAA07D862585E0217
     
  6. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi again,


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    c:\windows\system32\services.exe.24403E6BA043BC6D
    c:\windows\system32\services.exe.B6E89061B1470347
    c:\windows\system32\services.exe.9C002E3990F4BDE3
    c:\windows\system32\services.exe.A328ADA0E9F2F6D0
    c:\windows\system32\services.exe.4623CE54A7104A0E
    c:\windows\system32\services.exe.7E10FD6BB45A7B32
    c:\windows\system32\services.exe.BE6A9202314D47FE
    c:\windows\system32\services.exe.F44E38FF253E53A4
    c:\windows\system32\services.exe.E88327A2605261BA
    

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

    [​IMG]

    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
    Then post the resultant log.



    Uninstall vulnerable Flash versions by following the instructions here. A fresh version can be obtained here.


    Uninstall this old Java: Java(TM) 6 Update 35


    * Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
    • Click Scan
    • Wait for the scan to finish.

    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
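
The nine entries in the CFScript above all appear in the "Files Created" section of the ComboFix log as `services.exe` followed by a 16-hex-digit suffix. The following is an added example, not part of the post and not ComboFix code, showing one way to pick such entries out of that section and lay them out in the `File::` format shown in the post. The sample log is constructed (its suffixes are made up), and the function names are hypothetical.

```python
"""Added example: find suffixed copies of system binaries in a ComboFix
"Files Created" listing and lay them out as a CFScript File:: block."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath
from typing import NamedTuple, Optional

# Constructed sample in the layout of the ComboFix log on this page.
# The 16-hex-digit suffixes are made up for the example.
SAMPLE_LOG = r"""
((((( Files Created from 2012-08-19 to 2012-09-19 )))))
.
2012-09-19 03:38 . 2012-09-19 03:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-19 03:12 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-09-16 17:58 . 2012-09-16 17:59 -------- d-----w- c:\program files (x86)\iTunes
2012-09-02 07:33 . 2012-09-02 07:33 328704 ----a-w- c:\windows\system32\services.exe.0123456789ABCDEF
2012-09-02 07:26 . 2012-09-02 07:26 328704 ----a-w- c:\windows\system32\services.exe.FEDCBA9876543210
2012-09-02 06:23 . 2012-09-02 06:23 328704 ----a-w- c:\windows\system32\services.exe.00112233AABBCCDD
2012-08-29 00:54 . 2011-07-20 17:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
.
((((( Find3M Report )))))
.
2012-08-21 09:12 . 2012-07-09 02:06 285328 ----a-w- c:\windows\system32\aswBoot.exe.0123456789ABCDEF
"""

# "(((( Section name ))))" banner lines that separate the log sections.
HEADER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# created . modified  size-or-dashes  8-char attribute field  path
ROW_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([a-z-]{8}) (.+)$"
)
# An executable, library or driver name followed by ".<16 hex digits>".
SUFFIX_RE = re.compile(
    r"^(?P<base>.+\.(?:exe|dll|sys))\.(?P<tag>[0-9a-f]{16})$", re.IGNORECASE
)


class Entry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]  # None for directories (size column is dashes)
    attrs: str
    path: str


def parse_files_created(log_text):
    """Return the rows of the "Files Created" section only."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            in_section = header.group(1).startswith("Files Created")
            continue
        row = ROW_RE.match(line) if in_section else None
        if row:
            created, modified, size, attrs, path = row.groups()
            entries.append(Entry(created, modified,
                                 None if size.startswith("-") else int(size),
                                 attrs, path))
    return entries


def suffixed_copies(entries):
    """Group files named <binary>.<16 hex> under the binary they shadow."""
    groups = defaultdict(list)
    for entry in entries:
        if entry.size is None:  # skip directories
            continue
        path = PureWindowsPath(entry.path)
        match = SUFFIX_RE.match(path.name)
        if match:
            original = str(path.with_name(match.group("base"))).lower()
            groups[original].append(entry)
    return dict(groups)


def summarize(groups):
    """Per binary: number of copies, distinct sizes, creation window."""
    summary = {}
    for original, items in groups.items():
        stamps = sorted(e.created for e in items)
        summary[original] = {
            "copies": len(items),
            "sizes": sorted({e.size for e in items}),
            "first": stamps[0],
            "last": stamps[-1],
        }
    return summary


def render_cfscript(groups):
    """Lay the matched paths out in the File:: format used in the post."""
    lines = ["File::"]
    for original in sorted(groups):
        newest_first = sorted(groups[original], key=lambda e: e.created,
                              reverse=True)
        lines.extend(e.path for e in newest_first)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = suffixed_copies(parse_files_created(SAMPLE_LOG))
    print(summarize(found))
    print(render_cfscript(found))
```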
     
  7. mgoblue10

    mgoblue10 Thread Starter

    Joined:
    Sep 3, 2012
    Messages:
    5
    Hello and thanks again. Here are the logs; 3 are attached.

    ESET
    C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\00000008.@.vir Win64/Agent.BA trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz128A.tmp.vir Win64/Sirefef.AP trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz1682.tmp.vir Win64/Sirefef.AP trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz169A.tmp.vir a variant of Win32/Sirefef.FD trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz18CA.tmp.vir a variant of Win32/Sirefef.FD trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz18F2.tmp.vir Win64/Sirefef.AP trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz191F.tmp.vir Win64/Conedex.C trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz194F.tmp.vir Win64/Conedex.B trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz19B1.tmp.vir Win64/Conedex.C trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz19B2.tmp.vir Win64/Conedex.B trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz19BF.tmp.vir a variant of Win32/Sirefef.FD trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz1C2D.tmp.vir Win64/Sirefef.AP trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz1D2A.tmp.vir a variant of Win32/Sirefef.FD trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz1D87.tmp.vir a variant of Win32/Sirefef.FD trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz1D8A.tmp.vir Win64/Conedex.B trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz1DAA.tmp.vir Win64/Conedex.C trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz1F7F.tmp.vir Win64/Sirefef.AP trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2016.tmp.vir Win64/Conedex.C trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2093.tmp.vir Win64/Conedex.B trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz218.tmp.vir Win64/Sirefef.AP trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2381.tmp.vir Win64/Conedex.C trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz23C1.tmp.vir Win64/Conedex.B trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz23FC.tmp.vir Win64/Conedex.C trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz246A.tmp.vir Win64/Conedex.B trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz24B7.tmp.vir a variant of Win32/Sirefef.FD trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2591.tmp.vir a variant of Win32/Sirefef.FD trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz25CA.tmp.vir a variant of Win32/Sirefef.FD trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2885.tmp.vir a variant of Win32/Sirefef.FD trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2A16.tmp.vir Win64/Sirefef.AP trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{e9ea9d66-14e3-0f56-8bd3-2a7abea33c20}\U\trz2B56.tmp.vir a variant of Win32/Sirefef.FD trojan
    C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan
    C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSQDA3YP\favorites[1].htm HTML/ScrInject.B.Gen virus
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSQDA3YP\favorites[1].htm HTML/ScrInject.B.Gen virus
     


  8. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSQDA3YP\favorites[1].htm
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSQDA3YP\favorites[1].htm
    

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

    [​IMG]

    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
    Then post the resultant log. How's the system running?
     
  9. mgoblue10

    mgoblue10 Thread Starter

    Joined:
    Sep 3, 2012
    Messages:
    5
    My computer is running much better. I got my Windows Firewall turned back on too, which is great! I know this is a smaller issue, but I still cannot get my iTunes to connect to the store and update itself. Should I just uninstall and then reinstall it over again?

    ComboFix 12-09-20.02 - Brianne Gallon 09/20/2012 19:24:06.5.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.1754 [GMT -4:00]
    Running from: c:\users\Brianne Gallon\Desktop\ComboFix.exe
    Command switches used :: c:\users\Brianne Gallon\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSQDA3YP\favorites[1].htm"
    "c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSQDA3YP\favorites[1].htm"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-20 to 2012-09-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-20 23:36 . 2012-09-20 23:36 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-09-20 23:36 . 2012-09-20 23:36 -------- d-----w- c:\users\jstauffer\AppData\Local\temp
    2012-09-20 23:36 . 2012-09-20 23:36 -------- d-----w- c:\users\HP\AppData\Local\temp
    2012-09-20 23:36 . 2012-09-20 23:36 -------- d-----w- c:\users\Granny\AppData\Local\temp
    2012-09-20 23:36 . 2012-09-20 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-20 23:36 . 2012-09-20 23:36 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2012-09-20 23:36 . 2012-09-20 23:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-09-20 00:02 . 2012-09-20 00:02 -------- d-----w- c:\program files (x86)\ESET
    2012-09-19 23:07 . 2012-09-19 23:07 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86AD18C1-E94A-4776-86AC-EC6E38065EEA}\offreg.dll
    2012-09-19 03:12 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86AD18C1-E94A-4776-86AC-EC6E38065EEA}\mpengine.dll
    2012-09-19 03:12 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-09-19 03:12 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-09-19 03:12 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-09-19 03:12 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-09-19 03:12 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-09-16 19:47 . 2012-09-16 19:47 -------- d-----w- c:\users\Brianne Gallon\AppData\Roaming\Xilisoft
    2012-09-16 17:59 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-16 17:58 . 2012-09-16 17:58 -------- d-----w- c:\program files\iPod
    2012-09-16 17:58 . 2012-09-16 17:59 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-16 17:58 . 2012-09-16 17:59 -------- d-----w- c:\program files\iTunes
    2012-09-16 17:58 . 2012-09-16 17:59 -------- d-----w- c:\program files (x86)\iTunes
    2012-09-07 23:13 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-09-07 23:13 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-09-07 23:13 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-09-07 23:13 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-09-07 23:13 . 2012-08-21 09:13 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2012-09-07 23:13 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-09-07 23:13 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-09-07 23:13 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
    2012-09-07 23:13 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-09-05 23:59 . 2012-06-22 11:38 177144 ----a-w- c:\windows\system32\mfevtps.exe
    2012-09-05 23:17 . 2012-09-05 23:17 -------- d-----w- c:\users\Brianne Gallon\AppData\Local\Citrix
    2012-09-05 00:16 . 2012-09-05 23:37 -------- d-----w- c:\programdata\PLAV
    2012-09-05 00:16 . 2012-09-05 00:16 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
    2012-09-05 00:16 . 2012-09-05 23:51 -------- d-----w- c:\program files (x86)\ParetoLogic
    2012-09-03 13:53 . 2012-09-03 13:53 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-09-03 13:53 . 2012-09-03 13:53 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-02 22:54 . 2012-09-02 22:54 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    2012-08-29 00:54 . 2011-07-20 17:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
    2012-08-29 00:52 . 2012-08-29 00:53 -------- d-----w- c:\program files (x86)\Common Files\XCPCSync.OEM
    2012-08-28 23:28 . 2012-08-28 23:28 -------- d-----w- c:\program files (x86)\Tiny Media Player
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-19 23:17 . 2012-05-21 19:15 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-19 23:17 . 2011-08-15 22:50 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-03 13:53 . 2012-05-18 13:47 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-03 13:53 . 2010-05-14 21:50 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-31 04:43 . 2010-03-22 19:47 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-08-21 17:01 . 2009-12-01 02:37 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 17:01 . 2009-12-01 02:37 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-08-21 09:12 . 2012-07-09 02:06 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-07-13 12:41 . 2010-09-16 15:49 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-07-13 12:41 . 2010-09-16 15:49 34720 ----a-w- c:\windows\system32\LMIport.dll
    2012-07-13 12:41 . 2010-09-16 15:49 80800 ----a-w- c:\windows\system32\LMIinit.dll
    2010-07-22 18:20 . 2010-07-22 18:31 115331072 ----a-w- c:\program files\Samsung New PC Studio.msi
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-09-19_23.46.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-11-06 08:32 . 2012-09-20 03:38 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-11-06 08:32 . 2012-09-19 23:24 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-11-06 08:32 . 2012-09-19 23:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-11-06 08:32 . 2012-09-20 03:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-09-20 03:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-09-19 23:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-09-19 22:57 524288 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-09-20 20:42 524288 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-09-19 22:57 3227648 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-09-20 20:42 3227648 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-09-20 20:42 12402688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-09-19 22:57 12402688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
    c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]
    c:\program files (x86)\Hot_MP3\tbHot_.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files (x86)\Hot_MP3\tbHot_.dll" [BU]
    "{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [BU]
    .
    [HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]
    .
    [HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-04 296056]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 2 (0x2)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "WallpaperStyle"= 2
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
    R1 kwbbqbrf;kwbbqbrf;c:\windows\system32\drivers\kwbbqbrf.sys [x]
    R1 prgcomff;prgcomff;c:\windows\system32\drivers\prgcomff.sys [x]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [2011-01-27 171128]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
    R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2012-02-25 265928]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 250288]
    R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-03-31 227840]
    R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-05-04 198528]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NAVx64\1008000.029\SYMNDISV.SYS [x]
    R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-11-02 16392]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-01 55280]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS [2011-01-27 450680]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [2011-03-15 912504]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120107.001\IDSvia64.sys [2011-08-23 488568]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [2011-04-21 386168]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-13 375208]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-01-27 15928]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-12-01 82816]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 23:17]
    .
    2012-09-07 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-07 09:12]
    .
    2012-09-19 c:\windows\Tasks\HPCeeScheduleForBrianne Gallon.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-01-27 57928]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    z800bus
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.att.net
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    Toolbar-{06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)
    Toolbar-10 - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
    "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:d3,88,5c,07,52,bc,cc,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\0c\06\03\05\12\02["
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-09-20 19:40:34
    ComboFix-quarantined-files.txt 2012-09-20 23:40
    ComboFix2.txt 2012-09-19 23:51
    ComboFix3.txt 2012-09-19 04:17
    .
    Pre-Run: 62,475,440,128 bytes free
    Post-Run: 62,387,949,568 bytes free
    .
    - - End Of File - - 214BA21607726D5D8B06CFA58EED7DB1
     
  10. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    Yes, please try to reinstall it.
     
Short URL to this thread: https://techguy.org/1067562