Cant run any antispyware programs (vista) and browser hijack

View previous topic View next topic Go down

Cant run any antispyware programs (vista) and browser hijack

Post by Lydin on 18th September 2009, 3:16 am

Hi, I have a machine running Vista that has been hijacked by spyware.

When the system first boots it only opens one folder with some files of mine in it and nothing else. No desktop, no icons, nothing. I get around this by opening task manager, opening a new process and running explorer.exe . There are other processes I dont know what they are running. sdra64.exe. I kill the proc. Also csrss.exe is running but I dont know if it should or shouldnt.

When the problem first appeared, the desktop had multiple porn links on it (youporn, etc). I have since delete and they have not returned.

Whenever I try searching on how to fix the machine on that computer, my browser is redirected when I try clicking on websites like this.

I try running sipyware such as combofix, smitfraudfix, malwarebytes, spybot, and hijackthis. They all run for a moment and then freeze or just disapear. Malwarebytes actually tells me that Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item. But I am an admin.

Any help would be appreciated!!

Lydin
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-09-18
OS OS : Xp, Vista
Points Points : 26419
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Cant run any antispyware programs (vista) and browser hijack

Post by Lydin on 18th September 2009, 3:36 am

I forgot to mention I get this error when combofix tries to run:

Some files could not be created.
Please close all applications, reboot Windows and restart this installation.

Lydin
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-09-18
OS OS : Xp, Vista
Points Points : 26419
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Cant run any antispyware programs (vista) and browser hijack

Post by Belahzur on 18th September 2009, 9:10 am

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    cngaudit.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Cant run any antispyware programs (vista) and browser hijack

Post by Lydin on 15th October 2009, 3:09 pm

Its been a long time since I have had time to work on this (lots of traveling, work, etc) but now I finally have some free time to give it another go. Here is what systemlook outputted:

Edit:
Also, if there is an easy way you can tell me what to look for in the output below that would be great. If its just something you need to know by doing though, I understand. I just appreciate the help!

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 10:03 on 15/10/2009 by Mana (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\Windows\System32\scecli.dll --a--- 177152 bytes [18:15 28/11/2008] [07:36 19/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll --a--- 176640 bytes [08:43 02/11/2006] [09:46 02/11/2006] 80E2839D05CA5970A86D7BE2A08BFF61
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll --a--- 177152 bytes [18:15 28/11/2008] [07:36 19/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9

Searching for "netlogon.dll"
C:\Windows\System32\netlogon.dll --a--- 592384 bytes [18:16 28/11/2008] [07:35 19/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll --a--- 559616 bytes [08:45 02/11/2006] [09:46 02/11/2006] 889A2C9F2AACCD8F64EF50AC0B3D553B
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll --a--- 592384 bytes [18:16 28/11/2008] [07:35 19/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F

Searching for "eventlog.dll"
No files found.

Searching for "cngaudit.dll"
C:\Windows\System32\cngaudit.dll --a--- 62464 bytes [08:43 02/11/2006] [09:46 02/11/2006] (Unable to calculate MD5)
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll --a--- 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D

-=End Of File=-

Lydin
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-09-18
OS OS : Xp, Vista
Points Points : 26419
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Cant run any antispyware programs (vista) and browser hijack

Post by Belahzur on 15th October 2009, 5:02 pm

Hello.
Ill try to explain as easy as I can.

The reason most programs are blocked is malware infection, yes, but the malware is actually a windows system file that has been patched, so we have to take that out first.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Files to delete:
C:\WINDOWS\system32\cngaudit.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Cant run any antispyware programs (vista) and browser hijack

Post by Lydin on 15th October 2009, 5:50 pm

Awesome, thanks for the help. So a couple more questions (if you dont mind). How did you know to go after these files first ?

scecli.dll
netlogon.dll
eventlog.dll
cngaudit.dll

Just default ones that could be causing the problem I'm guessing? Also, how did you know from the output above that cngaudit was our trouble file? Sorry to have so many questions, I just want to learn how to be able to do this on my own.

Anyways, here is the Avenger output:

#######################################################################

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\cngaudit.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Lydin
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-09-18
OS OS : Xp, Vista
Points Points : 26419
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Cant run any antispyware programs (vista) and browser hijack

Post by Lydin on 15th October 2009, 6:41 pm

Oh, by the way I can run cleaners now. Trying to clean this thing up. Thanks so much!! Anything you would suggest other than the following?

smitfraudfix
combofix
mawarebytes
spybot

Lydin
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-09-18
OS OS : Xp, Vista
Points Points : 26419
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Cant run any antispyware programs (vista) and browser hijack

Post by Belahzur on 15th October 2009, 7:52 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Cant run any antispyware programs (vista) and browser hijack

Post by Lydin on 15th October 2009, 9:59 pm

This is the log file I saved and then told it to remove the infected.

Malwarebytes scan log:

#################################################

Malwarebytes' Anti-Malware 1.41
Database version: 2968
Windows 6.0.6001 Service Pack 1 (Safe Mode)

10/15/2009 16:57:57
mbam-log-2009-10-15 (16-57-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 227763
Time elapsed: 54 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\oincs.oinanalytics (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> No action taken.
HKEY_CLASSES_ROOT\AppID\OINAnalytics.dll (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\scmhux.exe (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\aahic.exe.vir (Spyware.Banker) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\tajf83ikdmf.dll.vir (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\tapi.nfo.vir (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\UACqrugqfvmpp.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\UACutotkmvvcp.dll.vir (Rootkit.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\wisdstr.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\wscsvc32.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\drivers\glaide32.sys.vir (Rootkit.Rustock) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\drivers\UACebpesxrtws.sys.vir (Trojan.TDSS.T) -> No action taken.

Lydin
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-09-18
OS OS : Xp, Vista
Points Points : 26419
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Cant run any antispyware programs (vista) and browser hijack

Post by Belahzur on 15th October 2009, 10:14 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Cant run any antispyware programs (vista) and browser hijack

Post by Lydin on 15th October 2009, 10:28 pm

DDS.txt:

################################################################


DDS (Ver_09-10-13.01) - NTFSx86 NETWORK
Run by Mana at 17:25:06.28 on Thu 10/15/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1917.1554 [GMT -5:00]

AV: CA Anti-Virus *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: CA Anti-Spyware *disabled* (Outdated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k nȯne
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Mana\Downloads\FxSvr2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Users\Mana\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [SpybotDeletingB934] command /c del "c:\program files\vnrblock\xtarga.gz"
dRunOnce: [SpybotDeletingD6674] cmd /c del "c:\program files\vnrblock\xtarga.gz"
dRunOnce: [SpybotDeletingB8614] command /c del "c:\program files\getpack\GetPack21.exe"
dRunOnce: [SpybotDeletingD431] cmd /c del "c:\program files\getpack\GetPack21.exe"
dRunOnce: [SpybotDeletingB3531] command /c del "c:\program files\getpack\GetPack22.exe"
dRunOnce: [SpybotDeletingD6384] cmd /c del "c:\program files\getpack\GetPack22.exe"
dRunOnce: [SpybotDeletingB9265] command /c del "c:\program files\getpack\GetPack24.exe"
dRunOnce: [SpybotDeletingD4169] cmd /c del "c:\program files\getpack\GetPack24.exe"
dRunOnce: [SpybotDeletingB8084] command /c del "c:\windows\system32\drivers\down\1023803.exe"
dRunOnce: [SpybotDeletingD7703] cmd /c del "c:\windows\system32\drivers\down\1023803.exe"
dRunOnce: [SpybotDeletingB1072] command /c del "c:\windows\system32\drivers\down\1024068.exe"
dRunOnce: [SpybotDeletingD7502] cmd /c del "c:\windows\system32\drivers\down\1024068.exe"
dRunOnce: [SpybotDeletingB5524] command /c del "c:\windows\system32\drivers\down\1025815.exe"
dRunOnce: [SpybotDeletingD3434] cmd /c del "c:\windows\system32\drivers\down\1025815.exe"
dRunOnce: [SpybotDeletingB6637] command /c del "c:\windows\system32\drivers\down\1030417.exe"
dRunOnce: [SpybotDeletingD7866] cmd /c del "c:\windows\system32\drivers\down\1030417.exe"
dRunOnce: [SpybotDeletingB6500] command /c del "c:\windows\system32\drivers\down\1040136.exe"
dRunOnce: [SpybotDeletingD6139] cmd /c del "c:\windows\system32\drivers\down\1040136.exe"
dRunOnce: [SpybotDeletingB7398] command /c del "c:\windows\system32\drivers\down\1046782.exe"
dRunOnce: [SpybotDeletingD2808] cmd /c del "c:\windows\system32\drivers\down\1046782.exe"
dRunOnce: [SpybotDeletingB3616] command /c del "c:\windows\system32\drivers\down\1047219.exe"
dRunOnce: [SpybotDeletingD5224] cmd /c del "c:\windows\system32\drivers\down\1047219.exe"
dRunOnce: [SpybotDeletingB5556] command /c del "c:\windows\system32\drivers\down\1050838.exe"
dRunOnce: [SpybotDeletingD1664] cmd /c del "c:\windows\system32\drivers\down\1050838.exe"
dRunOnce: [SpybotDeletingB6328] command /c del "c:\windows\system32\drivers\down\1121506.exe"
dRunOnce: [SpybotDeletingD4343] cmd /c del "c:\windows\system32\drivers\down\1121506.exe"
dRunOnce: [SpybotDeletingB97] command /c del "c:\windows\system32\drivers\down\1165577.exe"
dRunOnce: [SpybotDeletingD4108] cmd /c del "c:\windows\system32\drivers\down\1165577.exe"
dRunOnce: [SpybotDeletingB9422] command /c del "c:\windows\system32\drivers\down\1174391.exe"
dRunOnce: [SpybotDeletingD1788] cmd /c del "c:\windows\system32\drivers\down\1174391.exe"
dRunOnce: [SpybotDeletingB62] command /c del "c:\windows\system32\drivers\down\1180256.exe"
dRunOnce: [SpybotDeletingD5241] cmd /c del "c:\windows\system32\drivers\down\1180256.exe"
dRunOnce: [SpybotDeletingB1553] command /c del "c:\windows\system32\drivers\down\1190552.exe"
dRunOnce: [SpybotDeletingD332] cmd /c del "c:\windows\system32\drivers\down\1190552.exe"
dRunOnce: [SpybotDeletingB5893] command /c del "c:\windows\system32\drivers\down\1228929.exe"
dRunOnce: [SpybotDeletingD4808] cmd /c del "c:\windows\system32\drivers\down\1228929.exe"
dRunOnce: [SpybotDeletingB380] command /c del "c:\windows\system32\drivers\down\1355196.exe"
dRunOnce: [SpybotDeletingD8414] cmd /c del "c:\windows\system32\drivers\down\1355196.exe"
dRunOnce: [SpybotDeletingB2998] command /c del "c:\windows\system32\drivers\down\1362247.exe"
dRunOnce: [SpybotDeletingD4228] cmd /c del "c:\windows\system32\drivers\down\4452174.exe"
dRunOnce: [SpybotDeletingB3271] command /c del "c:\windows\system32\drivers\down\1416364.exe"
dRunOnce: [SpybotDeletingD8896] cmd /c del "c:\windows\system32\drivers\down\1416364.exe"
dRunOnce: [SpybotDeletingB466] command /c del "c:\windows\system32\drivers\down\1424507.exe"
dRunOnce: [SpybotDeletingD4532] cmd /c del "c:\windows\system32\drivers\down\1424507.exe"
dRunOnce: [SpybotDeletingB1094] command /c del "c:\windows\system32\drivers\down\1425505.exe"
dRunOnce: [SpybotDeletingD63] cmd /c del "c:\windows\system32\drivers\down\1425505.exe"
dRunOnce: [SpybotDeletingB5706] command /c del "c:\windows\system32\drivers\down\1632753.exe"
dRunOnce: [SpybotDeletingD1816] cmd /c del "c:\windows\system32\drivers\down\1632753.exe"
dRunOnce: [SpybotDeletingB3066] command /c del "c:\windows\system32\drivers\down\1686589.exe"
dRunOnce: [SpybotDeletingD7553] cmd /c del "c:\windows\system32\drivers\down\1686589.exe"
dRunOnce: [SpybotDeletingB1537] command /c del "c:\windows\system32\drivers\down\1693312.exe"
dRunOnce: [SpybotDeletingD7382] cmd /c del "c:\windows\system32\drivers\down\1693312.exe"
dRunOnce: [SpybotDeletingB5570] command /c del "c:\windows\system32\drivers\down\1697649.exe"
dRunOnce: [SpybotDeletingD6979] cmd /c del "c:\windows\system32\drivers\down\1697649.exe"
dRunOnce: [SpybotDeletingB7698] command /c del "c:\windows\system32\drivers\down\1713951.exe"
dRunOnce: [SpybotDeletingD9823] cmd /c del "c:\windows\system32\drivers\down\1713951.exe"
dRunOnce: [SpybotDeletingB9300] command /c del "c:\windows\system32\drivers\down\1739286.exe"
dRunOnce: [SpybotDeletingD1920] cmd /c del "c:\windows\system32\drivers\down\1739286.exe"
dRunOnce: [SpybotDeletingB5008] command /c del "c:\windows\system32\drivers\down\1744871.exe"
dRunOnce: [SpybotDeletingD3859] cmd /c del "c:\windows\system32\drivers\down\1744871.exe"
dRunOnce: [SpybotDeletingB5123] command /c del "c:\windows\system32\drivers\down\1755494.exe"
dRunOnce: [SpybotDeletingD7632] cmd /c del "c:\windows\system32\drivers\down\1755494.exe"
dRunOnce: [SpybotDeletingB4214] command /c del "c:\windows\system32\drivers\down\1764605.exe"
dRunOnce: [SpybotDeletingD4686] cmd /c del "c:\windows\system32\drivers\down\1764605.exe"
dRunOnce: [SpybotDeletingB7388] command /c del "c:\windows\system32\drivers\down\1778817.exe"
dRunOnce: [SpybotDeletingD4499] cmd /c del "c:\windows\system32\drivers\down\1778817.exe"
dRunOnce: [SpybotDeletingB2054] command /c del "c:\windows\system32\drivers\down\1802388.exe"
dRunOnce: [SpybotDeletingD5598] cmd /c del "c:\windows\system32\drivers\down\1802388.exe"
dRunOnce: [SpybotDeletingB8041] command /c del "c:\windows\system32\drivers\down\1810017.exe"
dRunOnce: [SpybotDeletingD5022] cmd /c del "c:\windows\system32\drivers\down\1810017.exe"
dRunOnce: [SpybotDeletingB2065] command /c del "c:\windows\system32\drivers\down\1815617.exe"
dRunOnce: [SpybotDeletingD6473] cmd /c del "c:\windows\system32\drivers\down\1815617.exe"
dRunOnce: [SpybotDeletingB4193] command /c del "c:\windows\system32\drivers\down\1825227.exe"
dRunOnce: [SpybotDeletingD8693] cmd /c del "c:\windows\system32\drivers\down\1825227.exe"
dRunOnce: [SpybotDeletingB15] command /c del "c:\windows\system32\drivers\down\1839828.exe"
dRunOnce: [SpybotDeletingD7072] cmd /c del "c:\windows\system32\drivers\down\1839828.exe"
dRunOnce: [SpybotDeletingB2635] command /c del "c:\windows\system32\drivers\down\1845101.exe"
dRunOnce: [SpybotDeletingD5892] cmd /c del "c:\windows\system32\drivers\down\1845101.exe"
dRunOnce: [SpybotDeletingB119] command /c del "c:\windows\system32\drivers\down\1846817.exe"
dRunOnce: [SpybotDeletingD8780] cmd /c del "c:\windows\system32\drivers\down\1846817.exe"
dRunOnce: [SpybotDeletingB9857] command /c del "c:\windows\system32\drivers\down\7704842.exe"
dRunOnce: [SpybotDeletingD8905] cmd /c del "c:\windows\system32\drivers\down\1848970.exe"
dRunOnce: [SpybotDeletingB9136] command /c del "c:\windows\system32\drivers\down\1851357.exe"
dRunOnce: [SpybotDeletingD8856] cmd /c del "c:\windows\system32\drivers\down\1851357.exe"
dRunOnce: [SpybotDeletingB6833] command /c del "c:\windows\system32\drivers\down\1859875.exe"
dRunOnce: [SpybotDeletingD3031] cmd /c del "c:\windows\system32\drivers\down\1859875.exe"
dRunOnce: [SpybotDeletingB796] command /c del "c:\windows\system32\drivers\down\1862839.exe"
dRunOnce: [SpybotDeletingD4504] cmd /c del "c:\windows\system32\drivers\down\1862839.exe"
dRunOnce: [SpybotDeletingB9028] command /c del "c:\windows\system32\drivers\down\1902151.exe"
dRunOnce: [SpybotDeletingD6861] cmd /c del "c:\windows\system32\drivers\down\1902151.exe"
dRunOnce: [SpybotDeletingB9931] command /c del "c:\windows\system32\drivers\down\1921869.exe"
dRunOnce: [SpybotDeletingD8767] cmd /c del "c:\windows\system32\drivers\down\1921869.exe"
dRunOnce: [SpybotDeletingB8661] command /c del "c:\windows\system32\drivers\down\1932540.exe"
dRunOnce: [SpybotDeletingD5066] cmd /c del "c:\windows\system32\drivers\down\1932540.exe"
dRunOnce: [SpybotDeletingB9734] command /c del "c:\windows\system32\drivers\down\1945176.exe"
dRunOnce: [SpybotDeletingD9592] cmd /c del "c:\windows\system32\drivers\down\1945176.exe"
dRunOnce: [SpybotDeletingB6827] command /c del "c:\windows\system32\drivers\down\1947079.exe"
dRunOnce: [SpybotDeletingD6015] cmd /c del "c:\windows\system32\drivers\down\1947079.exe"
dRunOnce: [SpybotDeletingB4505] command /c del "c:\windows\system32\drivers\down\2366035.exe"
dRunOnce: [SpybotDeletingD1723] cmd /c del "c:\windows\system32\drivers\down\2366035.exe"
dRunOnce: [SpybotDeletingB1882] command /c del "c:\windows\system32\drivers\down\2367845.exe"
dRunOnce: [SpybotDeletingD7096] cmd /c del "c:\windows\system32\drivers\down\2367845.exe"
dRunOnce: [SpybotDeletingB6917] command /c del "c:\windows\system32\drivers\down\2428342.exe"
dRunOnce: [SpybotDeletingD2824] cmd /c del "c:\windows\system32\drivers\down\2428342.exe"
dRunOnce: [SpybotDeletingB4384] command /c del "c:\windows\system32\drivers\down\2431072.exe"
dRunOnce: [SpybotDeletingD7925] cmd /c del "c:\windows\system32\drivers\down\2431072.exe"
dRunOnce: [SpybotDeletingB9130] command /c del "c:\windows\system32\drivers\down\2439169.exe"
dRunOnce: [SpybotDeletingD8001] cmd /c del "c:\windows\system32\drivers\down\2439169.exe"
dRunOnce: [SpybotDeletingB7307] command /c del "c:\windows\system32\drivers\down\2444301.exe"
dRunOnce: [SpybotDeletingD6067] cmd /c del "c:\windows\system32\drivers\down\2444301.exe"
dRunOnce: [SpybotDeletingB2267] command /c del "c:\windows\system32\drivers\down\2450120.exe"
dRunOnce: [SpybotDeletingD5849] cmd /c del "c:\windows\system32\drivers\down\2450120.exe"
dRunOnce: [SpybotDeletingB8714] command /c del "c:\windows\system32\drivers\down\2468419.exe"
dRunOnce: [SpybotDeletingD9201] cmd /c del "c:\windows\system32\drivers\down\2468419.exe"
dRunOnce: [SpybotDeletingB4281] command /c del "c:\windows\system32\drivers\down\2474160.exe"
dRunOnce: [SpybotDeletingD2788] cmd /c del "c:\windows\system32\drivers\down\2474160.exe"
dRunOnce: [SpybotDeletingB2814] command /c del "c:\windows\system32\drivers\down\2504143.exe"
dRunOnce: [SpybotDeletingD2028] cmd /c del "c:\windows\system32\drivers\down\2504143.exe"
dRunOnce: [SpybotDeletingB3819] command /c del "c:\windows\system32\drivers\down\2509572.exe"
dRunOnce: [SpybotDeletingD8216] cmd /c del "c:\windows\system32\drivers\down\2509572.exe"
dRunOnce: [SpybotDeletingB816] command /c del "c:\windows\system32\drivers\down\2510368.exe"
dRunOnce: [SpybotDeletingD3214] cmd /c del "c:\windows\system32\drivers\down\2510368.exe"
dRunOnce: [SpybotDeletingB7771] command /c del "c:\windows\system32\drivers\down\2513113.exe"
dRunOnce: [SpybotDeletingD6450] cmd /c del "c:\windows\system32\drivers\down\2513113.exe"
dRunOnce: [SpybotDeletingB3394] command /c del "c:\windows\system32\drivers\down\2514767.exe"
dRunOnce: [SpybotDeletingD6892] cmd /c del "c:\windows\system32\drivers\down\2514767.exe"
dRunOnce: [SpybotDeletingB8363] command /c del "c:\windows\system32\drivers\down\2520492.exe"
dRunOnce: [SpybotDeletingD7419] cmd /c del "c:\windows\system32\drivers\down\2520492.exe"
dRunOnce: [SpybotDeletingB4774] command /c del "c:\windows\system32\drivers\down\2533924.exe"
dRunOnce: [SpybotDeletingD8984] cmd /c del "c:\windows\system32\drivers\down\2533924.exe"
dRunOnce: [SpybotDeletingB8550] command /c del "c:\windows\system32\drivers\down\2544235.exe"
dRunOnce: [SpybotDeletingD7060] cmd /c del "c:\windows\system32\drivers\down\2544235.exe"
dRunOnce: [SpybotDeletingB5949] command /c del "c:\windows\system32\drivers\down\2547199.exe"
dRunOnce: [SpybotDeletingD4981] cmd /c del "c:\windows\system32\drivers\down\2547199.exe"
dRunOnce: [SpybotDeletingB2756] command /c del "c:\windows\system32\drivers\down\2556216.exe"
dRunOnce: [SpybotDeletingD404] cmd /c del "c:\windows\system32\drivers\down\2556216.exe"
dRunOnce: [SpybotDeletingB5662] command /c del "c:\windows\system32\drivers\down\4267422.exe"
dRunOnce: [SpybotDeletingD4887] cmd /c del "c:\windows\system32\drivers\down\2560818.exe"
dRunOnce: [SpybotDeletingB8747] command /c del "c:\windows\system32\drivers\down\2566029.exe"
dRunOnce: [SpybotDeletingD4106] cmd /c del "c:\windows\system32\drivers\down\2566029.exe"
dRunOnce: [SpybotDeletingB9284] command /c del "c:\windows\system32\drivers\down\2566122.exe"
dRunOnce: [SpybotDeletingD1103] cmd /c del "c:\windows\system32\drivers\down\2566122.exe"
dRunOnce: [SpybotDeletingB3761] command /c del "c:\windows\system32\drivers\down\2567090.exe"
dRunOnce: [SpybotDeletingD8766] cmd /c del "c:\windows\system32\drivers\down\2567090.exe"
dRunOnce: [SpybotDeletingB480] command /c del "c:\windows\system32\drivers\down\2570022.exe"
dRunOnce: [SpybotDeletingD6512] cmd /c del "c:\windows\system32\drivers\down\2570022.exe"
dRunOnce: [SpybotDeletingB2354] command /c del "c:\windows\system32\drivers\down\2584125.exe"
dRunOnce: [SpybotDeletingD8320] cmd /c del "c:\windows\system32\drivers\down\2584125.exe"
dRunOnce: [SpybotDeletingB9676] command /c del "c:\windows\system32\drivers\down\2586044.exe"
dRunOnce: [SpybotDeletingD276] cmd /c del "c:\windows\system32\drivers\down\2586044.exe"
dRunOnce: [SpybotDeletingB5839] command /c del "c:\windows\system32\drivers\down\2590147.exe"
dRunOnce: [SpybotDeletingD6351] cmd /c del "c:\windows\system32\drivers\down\2590147.exe"
dRunOnce: [SpybotDeletingB2202] command /c del "c:\windows\system32\drivers\down\2593282.exe"
dRunOnce: [SpybotDeletingD1626] cmd /c del "c:\windows\system32\drivers\down\2593282.exe"
dRunOnce: [SpybotDeletingB7261] command /c del "c:\windows\system32\drivers\down\2595139.exe"
dRunOnce: [SpybotDeletingD5631] cmd /c del "c:\windows\system32\drivers\down\2595139.exe"
dRunOnce: [SpybotDeletingB3158] command /c del "c:\windows\system32\drivers\down\2599117.exe"
dRunOnce: [SpybotDeletingD4780] cmd /c del "c:\windows\system32\drivers\down\2599117.exe"
dRunOnce: [SpybotDeletingB6852] command /c del "c:\windows\system32\drivers\down\2602798.exe"
dRunOnce: [SpybotDeletingD9105] cmd /c del "c:\windows\system32\drivers\down\2602798.exe"
dRunOnce: [SpybotDeletingB452] command /c del "c:\windows\system32\drivers\down\2611768.exe"
dRunOnce: [SpybotDeletingD9605] cmd /c del "c:\windows\system32\drivers\down\2611768.exe"
dRunOnce: [SpybotDeletingB8658] command /c del "c:\windows\system32\drivers\down\2612689.exe"
dRunOnce: [SpybotDeletingD2508] cmd /c del "c:\windows\system32\drivers\down\2612689.exe"
dRunOnce: [SpybotDeletingB3680] command /c del "c:\windows\system32\drivers\down\2636510.exe"
dRunOnce: [SpybotDeletingD4725] cmd /c del "c:\windows\system32\drivers\down\2636510.exe"
dRunOnce: [SpybotDeletingB6628] command /c del "c:\windows\system32\drivers\down\2637867.exe"
dRunOnce: [SpybotDeletingD7874] cmd /c del "c:\windows\system32\drivers\down\2637867.exe"
dRunOnce: [SpybotDeletingB2546] command /c del "c:\windows\system32\drivers\down\2641284.exe"
dRunOnce: [SpybotDeletingD6575] cmd /c del "c:\windows\system32\drivers\down\2641284.exe"
dRunOnce: [SpybotDeletingB7434] command /c del "c:\windows\system32\drivers\down\2684059.exe"
dRunOnce: [SpybotDeletingD1556] cmd /c del "c:\windows\system32\drivers\down\2684059.exe"
dRunOnce: [SpybotDeletingB8557] command /c del "c:\windows\system32\drivers\down\2726086.exe"
dRunOnce: [SpybotDeletingD8746] cmd /c del "c:\windows\system32\drivers\down\2726086.exe"
dRunOnce: [SpybotDeletingB4499] command /c del "c:\windows\system32\drivers\down\2731998.exe"
dRunOnce: [SpybotDeletingD3697] cmd /c del "c:\windows\system32\drivers\down\2731998.exe"
dRunOnce: [SpybotDeletingB4016] command /c del "c:\windows\system32\drivers\down\2737926.exe"
dRunOnce: [SpybotDeletingD746] cmd /c del "c:\windows\system32\drivers\down\2737926.exe"
dRunOnce: [SpybotDeletingB9426] command /c del "c:\windows\system32\drivers\down\2742715.exe"
dRunOnce: [SpybotDeletingD9563] cmd /c del "c:\windows\system32\drivers\down\2742715.exe"
dRunOnce: [SpybotDeletingB8048] command /c del "c:\windows\system32\drivers\down\2743043.exe"
dRunOnce: [SpybotDeletingD501] cmd /c del "c:\windows\system32\drivers\down\2743043.exe"
dRunOnce: [SpybotDeletingB7826] command /c del "c:\windows\system32\drivers\down\3397280.exe"
dRunOnce: [SpybotDeletingD7277] cmd /c del "c:\windows\system32\drivers\down\3397280.exe"
dRunOnce: [SpybotDeletingB2264] command /c del "c:\windows\system32\drivers\down\3417903.exe"
dRunOnce: [SpybotDeletingD3826] cmd /c del "c:\windows\system32\drivers\down\3417903.exe"
dRunOnce: [SpybotDeletingB5154] command /c del "c:\windows\system32\drivers\down\3421585.exe"
dRunOnce: [SpybotDeletingD9937] cmd /c del "c:\windows\system32\drivers\down\3421585.exe"
dRunOnce: [SpybotDeletingB3222] command /c del "c:\windows\system32\drivers\down\3426249.exe"
dRunOnce: [SpybotDeletingD5114] cmd /c del "c:\windows\system32\drivers\down\3426249.exe"
dRunOnce: [SpybotDeletingB6984] command /c del "c:\windows\system32\drivers\down\3446857.exe"
dRunOnce: [SpybotDeletingD2971] cmd /c del "c:\windows\system32\drivers\down\3446857.exe"
dRunOnce: [SpybotDeletingB930] command /c del "c:\windows\system32\drivers\down\3491224.exe"
dRunOnce: [SpybotDeletingD9769] cmd /c del "c:\windows\system32\drivers\down\3491224.exe"
dRunOnce: [SpybotDeletingB1272] command /c del "c:\windows\system32\drivers\down\3497464.exe"
dRunOnce: [SpybotDeletingD2983] cmd /c del "c:\windows\system32\drivers\down\3497464.exe"
dRunOnce: [SpybotDeletingB692] command /c del "c:\windows\system32\drivers\down\3503330.exe"
dRunOnce: [SpybotDeletingD985] cmd /c del "c:\windows\system32\drivers\down\3503330.exe"
dRunOnce: [SpybotDeletingB3515] command /c del "c:\windows\system32\drivers\down\3506840.exe"
dRunOnce: [SpybotDeletingD4333] cmd /c del "c:\windows\system32\drivers\down\3506840.exe"
dRunOnce: [SpybotDeletingB4029] command /c del "c:\windows\system32\drivers\down\3509102.exe"
dRunOnce: [SpybotDeletingD1041] cmd /c del "c:\windows\system32\drivers\down\3509102.exe"
dRunOnce: [SpybotDeletingB6173] command /c del "c:\windows\system32\drivers\down\3511582.exe"
dRunOnce: [SpybotDeletingD9609] cmd /c del "c:\windows\system32\drivers\down\3511582.exe"
dRunOnce: [SpybotDeletingB5669] command /c del "c:\windows\system32\drivers\down\3514094.exe"
dRunOnce: [SpybotDeletingD3166] cmd /c del "c:\windows\system32\drivers\down\3514094.exe"
dRunOnce: [SpybotDeletingB2850] command /c del "c:\windows\system32\drivers\down\3514421.exe"
dRunOnce: [SpybotDeletingD3067] cmd /c del "c:\windows\system32\drivers\down\3514421.exe"
dRunOnce: [SpybotDeletingB1798] command /c del "c:\windows\system32\drivers\down\3540707.exe"
dRunOnce: [SpybotDeletingD1354] cmd /c del "c:\windows\system32\drivers\down\3540707.exe"
dRunOnce: [SpybotDeletingB1843] command /c del "c:\windows\system32\drivers\down\3542330.exe"
dRunOnce: [SpybotDeletingD3941] cmd /c del "c:\windows\system32\drivers\down\3542330.exe"
dRunOnce: [SpybotDeletingB863] command /c del "c:\windows\system32\drivers\down\3544826.exe"
dRunOnce: [SpybotDeletingD7421] cmd /c del "c:\windows\system32\drivers\down\3544826.exe"
dRunOnce: [SpybotDeletingB325] command /c del "c:\windows\system32\drivers\down\3546823.exe"
dRunOnce: [SpybotDeletingD1902] cmd /c del "c:\windows\system32\drivers\down\3546823.exe"
dRunOnce: [SpybotDeletingB5238] command /c del "c:\windows\system32\drivers\down\3551721.exe"
dRunOnce: [SpybotDeletingD232] cmd /c del "c:\windows\system32\drivers\down\3551721.exe"
dRunOnce: [SpybotDeletingB3056] command /c del "c:\windows\system32\drivers\down\3553172.exe"
dRunOnce: [SpybotDeletingD6000] cmd /c del "c:\windows\system32\drivers\down\3553172.exe"
dRunOnce: [SpybotDeletingB4054] command /c del "c:\windows\system32\drivers\down\3557103.exe"
dRunOnce: [SpybotDeletingD8227] cmd /c del "c:\windows\system32\drivers\down\3557103.exe"
dRunOnce: [SpybotDeletingB2706] command /c del "c:\windows\system32\drivers\down\3560707.exe"
dRunOnce: [SpybotDeletingD6991] cmd /c del "c:\windows\system32\drivers\down\3560707.exe"
dRunOnce: [SpybotDeletingB5831] command /c del "c:\windows\system32\drivers\down\3613685.exe"
dRunOnce: [SpybotDeletingD5868] cmd /c del "c:\windows\system32\drivers\down\3613685.exe"
dRunOnce: [SpybotDeletingB1543] command /c del "c:\windows\system32\drivers\down\3619301.exe"
dRunOnce: [SpybotDeletingD5554] cmd /c del "c:\windows\system32\drivers\down\3619301.exe"
dRunOnce: [SpybotDeletingB9768] command /c del "c:\windows\system32\drivers\down\3629051.exe"
dRunOnce: [SpybotDeletingD3950] cmd /c del "c:\windows\system32\drivers\down\3629051.exe"
dRunOnce: [SpybotDeletingB9710] command /c del "c:\windows\system32\drivers\down\3635135.exe"
dRunOnce: [SpybotDeletingD2642] cmd /c del "c:\windows\system32\drivers\down\3635135.exe"
dRunOnce: [SpybotDeletingB4931] command /c del "c:\windows\system32\drivers\down\3635494.exe"
dRunOnce: [SpybotDeletingD6763] cmd /c del "c:\windows\system32\drivers\down\3635494.exe"
dRunOnce: [SpybotDeletingB13] command /c del "c:\windows\system32\drivers\down\3812570.exe"
dRunOnce: [SpybotDeletingD5897] cmd /c del "c:\windows\system32\drivers\down\3812570.exe"
dRunOnce: [SpybotDeletingB6322] command /c del "c:\windows\system32\drivers\down\3813850.exe"
dRunOnce: [SpybotDeletingD3178] cmd /c del "c:\windows\system32\drivers\down\3813850.exe"
dRunOnce: [SpybotDeletingB379] command /c del "c:\windows\system32\drivers\down\3818670.exe"
dRunOnce: [SpybotDeletingD4435] cmd /c del "c:\windows\system32\drivers\down\3818670.exe"
dRunOnce: [SpybotDeletingB5955] command /c del "c:\windows\system32\drivers\down\3857171.exe"
dRunOnce: [SpybotDeletingD5349] cmd /c del "c:\windows\system32\drivers\down\3857171.exe"
dRunOnce: [SpybotDeletingB2047] command /c del "c:\windows\system32\drivers\down\3871648.exe"
dRunOnce: [SpybotDeletingD1908] cmd /c del "c:\windows\system32\drivers\down\3871648.exe"
dRunOnce: [SpybotDeletingB2780] command /c del "c:\windows\system32\drivers\down\3875922.exe"
dRunOnce: [SpybotDeletingD590] cmd /c del "c:\windows\system32\drivers\down\3875922.exe"
dRunOnce: [SpybotDeletingB9134] command /c del "c:\windows\system32\drivers\down\3877326.exe"
dRunOnce: [SpybotDeletingD5600] cmd /c del "c:\windows\system32\drivers\down\3877326.exe"
dRunOnce: [SpybotDeletingB8131] command /c del "c:\windows\system32\drivers\down\3884222.exe"
dRunOnce: [SpybotDeletingD5215] cmd /c del "c:\windows\system32\drivers\down\3884222.exe"
dRunOnce: [SpybotDeletingB3335] command /c del "c:\windows\system32\drivers\down\3888106.exe"
dRunOnce: [SpybotDeletingD6283] cmd /c del "c:\windows\system32\drivers\down\3888106.exe"
dRunOnce: [SpybotDeletingB6225] command /c del "c:\windows\system32\drivers\down\4441816.exe"
dRunOnce: [SpybotDeletingD7927] cmd /c del "c:\windows\system32\drivers\down\3899244.exe"
dRunOnce: [SpybotDeletingB2166] command /c del "c:\windows\system32\drivers\down\3901413.exe"
dRunOnce: [SpybotDeletingD493] cmd /c del "c:\windows\system32\drivers\down\3901413.exe"
dRunOnce: [SpybotDeletingB9288] command /c del "c:\windows\system32\drivers\down\3905329.exe"
dRunOnce: [SpybotDeletingD4742] cmd /c del "c:\windows\system32\drivers\down\3905329.exe"
dRunOnce: [SpybotDeletingB3688] command /c del "c:\windows\system32\drivers\down\3907310.exe"
dRunOnce: [SpybotDeletingD9017] cmd /c del "c:\windows\system32\drivers\down\3907310.exe"
dRunOnce: [SpybotDeletingB9035] command /c del "c:\windows\system32\drivers\down\3911584.exe"
dRunOnce: [SpybotDeletingD202] cmd /c del "c:\windows\system32\drivers\down\3911584.exe"
dRunOnce: [SpybotDeletingB443] command /c del "c:\windows\system32\drivers\down\3934891.exe"
dRunOnce: [SpybotDeletingD3017] cmd /c del "c:\windows\system32\drivers\down\3934891.exe"
dRunOnce: [SpybotDeletingB6033] command /c del "c:\windows\system32\drivers\down\3938354.exe"
dRunOnce: [SpybotDeletingD6536] cmd /c del "c:\windows\system32\drivers\down\3938354.exe"
dRunOnce: [SpybotDeletingB5794] command /c del "c:\windows\system32\drivers\down\3983641.exe"
dRunOnce: [SpybotDeletingD2875] cmd /c del "c:\windows\system32\drivers\down\3983641.exe"
dRunOnce: [SpybotDeletingB5426] command /c del "c:\windows\system32\drivers\down\3988539.exe"
dRunOnce: [SpybotDeletingD5934] cmd /c del "c:\windows\system32\drivers\down\3988539.exe"
dRunOnce: [SpybotDeletingB4199] command /c del "c:\windows\system32\drivers\down\3993765.exe"
dRunOnce: [SpybotDeletingD865] cmd /c del "c:\windows\system32\drivers\down\3993765.exe"
dRunOnce: [SpybotDeletingB7991] command /c del "c:\windows\system32\drivers\down\3996932.exe"
dRunOnce: [SpybotDeletingD1690] cmd /c del "c:\windows\system32\drivers\down\3996932.exe"
dRunOnce: [SpybotDeletingB1030] command /c del "c:\windows\system32\drivers\down\3997338.exe"
dRunOnce: [SpybotDeletingD3179] cmd /c del "c:\windows\system32\drivers\down\3997338.exe"
dRunOnce: [SpybotDeletingD5856] cmd /c del "c:\windows\system32\drivers\down\4267422.exe"
dRunOnce: [SpybotDeletingB2073] command /c del "c:\windows\system32\drivers\down\4273865.exe"
dRunOnce: [SpybotDeletingD4538] cmd /c del "c:\windows\system32\drivers\down\4273865.exe"
dRunOnce: [SpybotDeletingB6366] command /c del "c:\windows\system32\drivers\down\4277173.exe"
dRunOnce: [SpybotDeletingD4168] cmd /c del "c:\windows\system32\drivers\down\4277173.exe"
dRunOnce: [SpybotDeletingB5381] command /c del "c:\windows\system32\drivers\down\4313817.exe"
dRunOnce: [SpybotDeletingD6751] cmd /c del "c:\windows\system32\drivers\down\4313817.exe"
dRunOnce: [SpybotDeletingB3433] command /c del "c:\windows\system32\drivers\down\4359900.exe"
dRunOnce: [SpybotDeletingD173] cmd /c del "c:\windows\system32\drivers\down\4359900.exe"
dRunOnce: [SpybotDeletingB8878] command /c del "c:\windows\system32\drivers\down\4377731.exe"
dRunOnce: [SpybotDeletingD777] cmd /c del "c:\windows\system32\drivers\down\4377731.exe"
dRunOnce: [SpybotDeletingB1065] command /c del "c:\windows\system32\drivers\down\4383472.exe"
dRunOnce: [SpybotDeletingD7031] cmd /c del "c:\windows\system32\drivers\down\4383472.exe"
dRunOnce: [SpybotDeletingB6813] command /c del "c:\windows\system32\drivers\down\4395078.exe"
dRunOnce: [SpybotDeletingD2738] cmd /c del "c:\windows\system32\drivers\down\4395078.exe"
dRunOnce: [SpybotDeletingB7201] command /c del "c:\windows\system32\drivers\down\4404750.exe"
dRunOnce: [SpybotDeletingD6564] cmd /c del "c:\windows\system32\drivers\down\4404750.exe"
dRunOnce: [SpybotDeletingB3942] command /c del "c:\windows\system32\drivers\down\4412472.exe"
dRunOnce: [SpybotDeletingD1874] cmd /c del "c:\windows\system32\drivers\down\4412472.exe"
dRunOnce: [SpybotDeletingB3635] command /c del "c:\windows\system32\drivers\down\4412940.exe"
dRunOnce: [SpybotDeletingD5997] cmd /c del "c:\windows\system32\drivers\down\4412940.exe"
dRunOnce: [SpybotDeletingB5119] command /c del "c:\windows\system32\drivers\down\8073192.exe"
dRunOnce: [SpybotDeletingD7127] cmd /c del "c:\windows\system32\drivers\down\4431442.exe"
dRunOnce: [SpybotDeletingB6968] command /c del "c:\windows\system32\drivers\down\4434468.exe"
dRunOnce: [SpybotDeletingD991] cmd /c del "c:\windows\system32\drivers\down\4434468.exe"
dRunOnce: [SpybotDeletingD6992] cmd /c del "c:\windows\system32\drivers\down\4441816.exe"
dRunOnce: [SpybotDeletingB1069] command /c del "c:\windows\system32\drivers\down\4444109.exe"
dRunOnce: [SpybotDeletingD8569] cmd /c del "c:\windows\system32\drivers\down\4444109.exe"
dRunOnce: [SpybotDeletingB5290] command /c del "c:\windows\system32\drivers\down\4446309.exe"
dRunOnce: [SpybotDeletingD1742] cmd /c del "c:\windows\system32\drivers\down\4446309.exe"
dRunOnce: [SpybotDeletingB3650] command /c del "c:\windows\system32\drivers\down\4452174.exe"
dRunOnce: [SpybotDeletingB2985] command /c del "c:\windows\system32\drivers\down\4512703.exe"
dRunOnce: [SpybotDeletingD3616] cmd /c del "c:\windows\system32\drivers\down\4512703.exe"
dRunOnce: [SpybotDeletingB1007] command /c del "c:\windows\system32\drivers\down\4529473.exe"
dRunOnce: [SpybotDeletingD9212] cmd /c del "c:\windows\system32\drivers\down\4529473.exe"
dRunOnce: [SpybotDeletingB3755] command /c del "c:\windows\system32\drivers\down\4540767.exe"
dRunOnce: [SpybotDeletingD3732] cmd /c del "c:\windows\system32\drivers\down\4540767.exe"
dRunOnce: [SpybotDeletingB2555] command /c del "c:\windows\system32\drivers\down\4546555.exe"
dRunOnce: [SpybotDeletingD4508] cmd /c del "c:\windows\system32\drivers\down\4546555.exe"
dRunOnce: [SpybotDeletingB3604] command /c del "c:\windows\system32\drivers\down\4547631.exe"
dRunOnce: [SpybotDeletingD9437] cmd /c del "c:\windows\system32\drivers\down\4547631.exe"
dRunOnce: [SpybotDeletingB2825] command /c del "c:\windows\system32\drivers\down\7687042.exe"
dRunOnce: [SpybotDeletingD9807] cmd /c del "c:\windows\system32\drivers\down\7687042.exe"
dRunOnce: [SpybotDeletingD7247] cmd /c del "c:\windows\system32\drivers\down\7704842.exe"
dRunOnce: [SpybotDeletingB3629] command /c del "c:\windows\system32\drivers\down\7706059.exe"
dRunOnce: [SpybotDeletingD6188] cmd /c del "c:\windows\system32\drivers\down\7706059.exe"
dRunOnce: [SpybotDeletingB5090] command /c del "c:\windows\system32\drivers\down\7714280.exe"
dRunOnce: [SpybotDeletingD3453] cmd /c del "c:\windows\system32\drivers\down\7714280.exe"
dRunOnce: [SpybotDeletingB6170] command /c del "c:\windows\system32\drivers\down\7732002.exe"
dRunOnce: [SpybotDeletingD9162] cmd /c del "c:\windows\system32\drivers\down\7732002.exe"
dRunOnce: [SpybotDeletingB1228] command /c del "c:\windows\system32\drivers\down\7732595.exe"
dRunOnce: [SpybotDeletingD6050] cmd /c del "c:\windows\system32\drivers\down\7732595.exe"
dRunOnce: [SpybotDeletingB2369] command /c del "c:\windows\system32\drivers\down\7738959.exe"
dRunOnce: [SpybotDeletingD9712] cmd /c del "c:\windows\system32\drivers\down\7738959.exe"
dRunOnce: [SpybotDeletingB4047] command /c del "c:\windows\system32\drivers\down\7741144.exe"
dRunOnce: [SpybotDeletingD582] cmd /c del "c:\windows\system32\drivers\down\7741144.exe"
dRunOnce: [SpybotDeletingB7855] command /c del "c:\windows\system32\drivers\down\7743686.exe"
dRunOnce: [SpybotDeletingD4193] cmd /c del "c:\windows\system32\drivers\down\7743686.exe"
dRunOnce: [SpybotDeletingB9936] command /c del "c:\windows\system32\drivers\down\7745902.exe"
dRunOnce: [SpybotDeletingD2650] cmd /c del "c:\windows\system32\drivers\down\7745902.exe"
dRunOnce: [SpybotDeletingB8696] command /c del "c:\windows\system32\drivers\down\7757352.exe"
dRunOnce: [SpybotDeletingD9659] cmd /c del "c:\windows\system32\drivers\down\7757352.exe"
dRunOnce: [SpybotDeletingB4608] command /c del "c:\windows\system32\drivers\down\7760113.exe"
dRunOnce: [SpybotDeletingD8938] cmd /c del "c:\windows\system32\drivers\down\7760113.exe"
dRunOnce: [SpybotDeletingB185] command /c del "c:\windows\system32\drivers\down\7760971.exe"
dRunOnce: [SpybotDeletingD1651] cmd /c del "c:\windows\system32\drivers\down\7760971.exe"
dRunOnce: [SpybotDeletingB6245] command /c del "c:\windows\system32\drivers\down\7763389.exe"
dRunOnce: [SpybotDeletingD1286] cmd /c del "c:\windows\system32\drivers\down\7763389.exe"
dRunOnce: [SpybotDeletingB2377] command /c del "c:\windows\system32\drivers\down\7764263.exe"
dRunOnce: [SpybotDeletingD7379] cmd /c del "c:\windows\system32\drivers\down\7764263.exe"
dRunOnce: [SpybotDeletingB4932] command /c del "c:\windows\system32\drivers\down\7768085.exe"
dRunOnce: [SpybotDeletingD3154] cmd /c del "c:\windows\system32\drivers\down\7768085.exe"
dRunOnce: [SpybotDeletingB292] command /c del "c:\windows\system32\drivers\down\7770987.exe"
dRunOnce: [SpybotDeletingD2261] cmd /c del "c:\windows\system32\drivers\down\7770987.exe"
dRunOnce: [SpybotDeletingB9450] command /c del "c:\windows\system32\drivers\down\7800393.exe"
dRunOnce: [SpybotDeletingD1811] cmd /c del "c:\windows\system32\drivers\down\7800393.exe"
dRunOnce: [SpybotDeletingB3467] command /c del "c:\windows\system32\drivers\down\7813559.exe"
dRunOnce: [SpybotDeletingD385] cmd /c del "c:\windows\system32\drivers\down\7813559.exe"
dRunOnce: [SpybotDeletingB5929] command /c del "c:\windows\system32\drivers\down\7899282.exe"
dRunOnce: [SpybotDeletingD7212] cmd /c del "c:\windows\system32\drivers\down\7899282.exe"
dRunOnce: [SpybotDeletingB4726] command /c del "c:\windows\system32\drivers\down\7904071.exe"
dRunOnce: [SpybotDeletingD1774] cmd /c del "c:\windows\system32\drivers\down\7904071.exe"
dRunOnce: [SpybotDeletingB7591] command /c del "c:\windows\system32\drivers\down\7928111.exe"
dRunOnce: [SpybotDeletingD4871] cmd /c del "c:\windows\system32\drivers\down\7928111.exe"
dRunOnce: [SpybotDeletingB8918] command /c del "c:\windows\system32\drivers\down\7932572.exe"
dRunOnce: [SpybotDeletingD9774] cmd /c del "c:\windows\system32\drivers\down\7932572.exe"
dRunOnce: [SpybotDeletingB944] command /c del "c:\windows\system32\drivers\down\7938563.exe"
dRunOnce: [SpybotDeletingD326] cmd /c del "c:\windows\system32\drivers\down\7938563.exe"
dRunOnce: [SpybotDeletingB7539] command /c del "c:\windows\system32\drivers\down\7955130.exe"
dRunOnce: [SpybotDeletingD6420] cmd /c del "c:\windows\system32\drivers\down\7955130.exe"
dRunOnce: [SpybotDeletingB8258] command /c del "c:\windows\system32\drivers\down\7958547.exe"
dRunOnce: [SpybotDeletingD6254] cmd /c del "c:\windows\system32\drivers\down\7958547.exe"
dRunOnce: [SpybotDeletingB110] command /c del "c:\windows\system32\drivers\down\7970340.exe"
dRunOnce: [SpybotDeletingD2099] cmd /c del "c:\windows\system32\drivers\down\7970340.exe"
dRunOnce: [SpybotDeletingB5750] command /c del "c:\windows\system32\drivers\down\7977641.exe"
dRunOnce: [SpybotDeletingD2445] cmd /c del "c:\windows\system32\drivers\down\7977641.exe"
dRunOnce: [SpybotDeletingB4563] command /c del "c:\windows\system32\drivers\down\7987251.exe"
dRunOnce: [SpybotDeletingD9525] cmd /c del "c:\windows\system32\drivers\down\7987251.exe"
dRunOnce: [SpybotDeletingB6471] command /c del "c:\windows\system32\drivers\down\7989965.exe"
dRunOnce: [SpybotDeletingD8082] cmd /c del "c:\windows\system32\drivers\down\7989965.exe"
dRunOnce: [SpybotDeletingB7125] command /c del "c:\windows\system32\drivers\down\7993506.exe"
dRunOnce: [SpybotDeletingD5223] cmd /c del "c:\windows\system32\drivers\down\7993506.exe"
dRunOnce: [SpybotDeletingB3093] command /c del "c:\windows\system32\drivers\down\8001712.exe"
dRunOnce: [SpybotDeletingD6517] cmd /c del "c:\windows\system32\drivers\down\8001712.exe"
dRunOnce: [SpybotDeletingB1345] command /c del "c:\windows\system32\drivers\down\8014894.exe"
dRunOnce: [SpybotDeletingD2024] cmd /c del "c:\windows\system32\drivers\down\8014894.exe"
dRunOnce: [SpybotDeletingB7409] command /c del "c:\windows\system32\drivers\down\8045735.exe"
dRunOnce: [SpybotDeletingD1596] cmd /c del "c:\windows\system32\drivers\down\8045735.exe"
dRunOnce: [SpybotDeletingB3030] command /c del "c:\windows\system32\drivers\down\8050025.exe"
dRunOnce: [SpybotDeletingD8707] cmd /c del "c:\windows\system32\drivers\down\8050025.exe"
dRunOnce: [SpybotDeletingB2578] command /c del "c:\windows\system32\drivers\down\8070165.exe"
dRunOnce: [SpybotDeletingD6838] cmd /c del "c:\windows\system32\drivers\down\8070165.exe"
dRunOnce: [SpybotDeletingD4385] cmd /c del "c:\windows\system32\drivers\down\8073192.exe"
dRunOnce: [SpybotDeletingB9423] command /c del "c:\program files\getpack\trgtame.gz"
dRunOnce: [SpybotDeletingD1150] cmd /c del "c:\program files\getpack\trgtame.gz"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - [You must be registered and logged in to see this link.]
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SecurityProviders: credssp.dll, msansspc.dll

============= SERVICES / DRIVERS ===============

S0 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 103952]
S1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
S1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
S1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\drivers\KmxFilter.sys [2008-6-24 51704]
S2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 138744]
S2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
S2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2008-6-24 1010192]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2008-6-24 801296]
S2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
S3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
S3 wrssweep;Webroots Volume Access Driver;c:\program files\webroot\washer\wrSSweep.sys [2008-4-7 21832]
S4 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-27 1840128]
S4 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-11-20 809296]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-10-5 24652]
S4 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-4-5 598856]

=============== Created Last 30 ================

2009-10-15 15:14 --dsh--- C:\$RECYCLE.BIN
2009-10-15 13:54 236,544 a------- c:\windows\PEV.exe
2009-10-15 13:54 161,792 a------- c:\windows\SWREG.exe
2009-10-15 13:54 98,816 a------- c:\windows\sed.exe
2009-10-15 13:45 35 a------- c:\users\mana\appdata\roaming\SetValue.bat
2009-10-15 13:45 691 a------- c:\users\mana\appdata\roaming\GetValue.vbs
2009-10-15 09:37 --d----- c:\windows\pss
2009-10-15 09:23 --d----- c:\program files\CCleaner
2009-10-05 12:43 --d----- c:\program files\Viewpoint

==================== Find3M ====================

2009-10-15 14:43 345,524 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-10-15 14:43 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-10-15 14:43 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-10-15 14:43 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-10-15 14:43 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-10-15 14:43 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-10-15 14:43 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-10-15 14:43 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 09:37 51,200 a------- c:\windows\inf\infpub.dat
2009-09-04 09:37 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-04 09:37 86,016 a------- c:\windows\inf\infstor.dat
2009-08-28 07:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 07:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 07:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 07:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 07:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 05:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-21 16:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 16:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 16:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 15:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2008-11-29 21:24 174 a--sh--- c:\program files\desktop.ini
2008-11-29 21:08 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:25:23.83 ===============

Lydin
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-09-18
OS OS : Xp, Vista
Points Points : 26419
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Cant run any antispyware programs (vista) and browser hijack

Post by Belahzur on 15th October 2009, 11:44 pm

Hello.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight any of the follow:
    Viewpoint Manager
    Viewpoint Media Player

  • Click on the Uninstall/Change button at the top.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :files
    c:\users\mana\appdata\roaming\SetValue.bat
    c:\users\mana\appdata\roaming\GetValue.vbs
    c:\program files\Viewpoint

    :reg
    [-HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum