Help fixing trojan/malware "iexplarer.exe"


Post by goldenmonkey on Mon 25 Oct 2010, 1:19 am

Running Windows 7

Symptoms I notice are popups in Firefox to search sites. When I do a search, it often redirects me to another search site for the same topic. Script errors are coming up for sites that I'm not visiting. When starting the computer, I get an error about a missing DLL with a random name. Sometimes an IExplorer window will come up, but nothing loads in it. Also, it appears as though Google Chrome will not connect to anything.

I've run Malwarebytes Anti-Malware and SUPERAntiSpyware and both detect several threats, but after fixing and restarting the computer, they come back. Mostly trojan.downloader, named:
avp.exe
avp32.exe
iexplarer.exe
iexplorer.exe
setup.exe
win.exe
winamp.exe

all located in the \appdata\local\temp folder, as well as

csrss.exe and win.exe in the \windows\ folder

Please let me know if additional info is needed. OTL logs are below.


OTL Extras logfile created on: 10/24/2010 9:37:41 AM - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = F:\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.31 Gb Total Space | 24.48 Gb Free Space | 12.54% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 208.43 Gb Free Space | 22.38% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 39.31 Gb Free Space | 2.81% Space Free | Partition Type: NTFS
Drive F: | 736.20 Gb Total Space | 498.36 Gb Free Space | 67.69% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 124.47 Gb Free Space | 13.36% Space Free | Partition Type: NTFS
Drive H: | 465.65 Gb Total Space | 313.93 Gb Free Space | 67.42% Space Free | Partition Type: FAT32
Drive M: | 30.41 Mb Total Space | 15.01 Mb Free Space | 49.36% Space Free | Partition Type: FAT

Computer Name: SEVEN | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SP6" = Logitech SetPoint 6.0
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1B9B4BC3-F63A-4415-B6CC-AA0DEFCC4B21}_is1" = Greasemetal Version 0.2
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F721BB3-3E11-469C-97A3-6B2BEC758F37}" = SageTV
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68D923E0-1244-0F60-6108-2B154B0462D0}" = Comcast Access
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Photo Manager 12
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EFA27A6C-DF46-568B-4BB1-1DBD064F67A8}" = TweetDeck
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Air Video Server" = Air Video Server 2.4.0
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Access
"Dell Webcam Central" = Dell Webcam Central
"Digsby" = Digsby
"doubleTwist" = doubleTwist
"EPSON Scanner" = EPSON Scan
"Everything" = Everything 1.2.1.371
"FileZilla Client" = FileZilla Client 3.3.2.1
"foobar2000" = foobar2000 v1.0.3
"Foxit Reader" = Foxit Reader
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"Handbrake" = Handbrake 0.9.4
"HFSExplorer" = HFSExplorer 0.21
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Standard)
"LastFM_is1" = Last.fm 1.5.4.24567
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.2
"mIRC" = mIRC
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mp3tag" = Mp3tag v2.46a
"NewsLeecher_is1" = NewsLeecher v3.9 Final
"Notepad++" = Notepad++
"Playlist Creator 3.6.2" = Playlist Creator 3.6.2
"QuickPar" = QuickPar 0.9
"Stellar Phoenix NTFS Data Recovery_is1" = Stellar Phoenix NTFS Data Recovery V4.1
"Subsonic" = Subsonic
"TightVNC" = TightVNC 2.0.2
"Trillian" = Trillian
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"VLC media player" = VLC media player 1.0.5
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/23/2010 11:10:09 AM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: s6wdspbkhh.dll, version: 0.0.0.0, time
stamp: 0x4cbf2018 Exception code: 0xc0000005 Fault offset: 0x000018e2 Faulting process
id: 0xfb8 Faulting application start time: 0x01cb72c186644560 Faulting application
path: C:\Windows\SysWOW64\rundll32.exe Faulting module path: C:\Windows\system32\s6wdspbkhh.dll
Report
Id: 9fbd1250-deb7-11df-99f3-001ec9565c0f

Error - 10/23/2010 11:41:37 AM | Computer Name = Seven | Source = Bonjour Service | ID = 100
Description = 272: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/23/2010 5:35:22 PM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: s6wdspbkhh.dll, version: 0.0.0.0, time
stamp: 0x4cbf2018 Exception code: 0xc0000005 Fault offset: 0x000018e2 Faulting process
id: 0xf70 Faulting application start time: 0x01cb72c90c629f70 Faulting application
path: C:\Windows\SysWOW64\rundll32.exe Faulting module path: C:\Windows\system32\s6wdspbkhh.dll
Report
Id: 70294af0-deed-11df-bcf0-001ec9565c0f

Error - 10/24/2010 12:31:24 AM | Computer Name = Seven | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 10/24/2010 12:43:11 AM | Computer Name = Seven | Source = Bonjour Service | ID = 100
Description = 512: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/24/2010 1:04:58 AM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: s6wdspbkhh.dll, version: 0.0.0.0, time
stamp: 0x4cbf2018 Exception code: 0xc0000005 Fault offset: 0x000018e2 Faulting process
id: 0xf08 Faulting application start time: 0x01cb73362e99ba70 Faulting application
path: C:\Windows\SysWOW64\rundll32.exe Faulting module path: C:\Windows\system32\s6wdspbkhh.dll
Report
Id: 3f66a1d0-df2c-11df-af23-001ec9565c0f

Error - 10/24/2010 2:00:50 AM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: win.exe, version: 1.0.0.0, time stamp:
0x21475346 Faulting module name: win.exe, version: 1.0.0.0, time stamp: 0x21475346
Exception
code: 0xc0000005 Fault offset: 0x00001a21 Faulting process id: 0xd24 Faulting application
start time: 0x01cb73362b0c4df0 Faulting application path: C:\Users\Jeff\AppData\Local\Temp\win.exe
Faulting
module path: C:\Users\Jeff\AppData\Local\Temp\win.exe Report Id: 0d473c70-df34-11df-af23-001ec9565c0f

Error - 10/24/2010 2:59:34 AM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: avp32.exe, version: 1.0.0.0, time stamp:
0x21475346 Faulting module name: avp32.exe, version: 1.0.0.0, time stamp: 0x21475346
Exception
code: 0xc0000005 Fault offset: 0x00001a21 Faulting process id: 0xcd0 Faulting application
start time: 0x01cb73362a65fbd0 Faulting application path: C:\Users\Jeff\AppData\Local\Temp\avp32.exe
Faulting
module path: C:\Users\Jeff\AppData\Local\Temp\avp32.exe Report Id: 41c007e0-df3c-11df-af23-001ec9565c0f

Error - 10/24/2010 3:40:56 AM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: iexplarer.exe, version: 1.0.0.0, time stamp:
0x21475346 Faulting module name: iexplarer.exe, version: 1.0.0.0, time stamp: 0x21475346
Exception
code: 0xc0000005 Fault offset: 0x00001a21 Faulting process id: 0xce0 Faulting application
start time: 0x01cb73362acc37b0 Faulting application path: C:\Users\Jeff\AppData\Local\Temp\iexplarer.exe
Faulting
module path: C:\Users\Jeff\AppData\Local\Temp\iexplarer.exe Report Id: 09201fa0-df42-11df-af23-001ec9565c0f

Error - 10/24/2010 3:47:22 AM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 1.0.0.0, time stamp:
0x21475346 Faulting module name: winamp.exe, version: 1.0.0.0, time stamp: 0x21475346
Exception
code: 0xc0000005 Fault offset: 0x00001a21 Faulting process id: 0xd14 Faulting application
start time: 0x01cb73362add0090 Faulting application path: C:\Users\Jeff\AppData\Local\Temp\winamp.exe
Faulting
module path: C:\Users\Jeff\AppData\Local\Temp\winamp.exe Report Id: ef37eea0-df42-11df-af23-001ec9565c0f

[ Media Center Events ]
Error - 8/29/2010 5:42:05 PM | Computer Name = Seven | Source = MCUpdate | ID = 0
Description = 5:42:04 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 8/31/2010 5:39:24 AM | Computer Name = Seven | Source = MCUpdate | ID = 0
Description = 5:39:20 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)

[ System Events ]
Error - 10/23/2010 10:49:16 AM | Computer Name = Seven | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 10/23/2010 11:38:19 AM | Computer Name = Seven | Source = DCOM | ID = 10010
Description =

Error - 10/23/2010 11:42:57 AM | Computer Name = Seven | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 10/23/2010 11:43:00 AM | Computer Name = Seven | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 10/23/2010 5:33:41 PM | Computer Name = Seven | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR4.

Error - 10/23/2010 5:33:51 PM | Computer Name = Seven | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 10/23/2010 5:37:58 PM | Computer Name = Seven | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 10/24/2010 12:44:19 AM | Computer Name = Seven | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 10/24/2010 12:44:22 AM | Computer Name = Seven | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 10/24/2010 3:41:18 AM | Computer Name = Seven | Source = DCOM | ID = 10010
Description =


< End of report >

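A triage pass over the OTL Extras log above, written as an added example for this thread; it is not part of the original post and not OTL's own code. It re-joins OTL's line-wrapped Event ID 1000 descriptions, groups the crashes by module version, build time stamp and fault offset (win.exe, avp32.exe, iexplarer.exe and winamp.exe above all share version 1.0.0.0, stamp 0x21475346 and offset 0x00001a21, which is what one binary dropped under several names looks like), and reads the System Restore policy and per-profile firewall values. The sample text is a constructed, trimmed copy of the log lines above; the wording of the findings and the rule that a versionless DLL faulting inside rundll32.exe is a lead rather than proof are the example's own.

```python
"""Triage pass over an OTL 'Extras' log (added example, not OTL's own code)."""
import re
from collections import defaultdict
# Constructed sample: a trimmed copy of the Extras log posted above.
SAMPLE_OTL = r"""
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0

[ Application Events ]
Error - 10/23/2010 11:10:09 AM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: s6wdspbkhh.dll, version: 0.0.0.0, time
stamp: 0x4cbf2018 Exception code: 0xc0000005 Fault offset: 0x000018e2 Faulting process
id: 0xfb8 Faulting application start time: 0x01cb72c186644560 Faulting application
path: C:\Windows\SysWOW64\rundll32.exe Faulting module path: C:\Windows\system32\s6wdspbkhh.dll

Error - 10/24/2010 2:00:50 AM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: win.exe, version: 1.0.0.0, time stamp:
0x21475346 Faulting module name: win.exe, version: 1.0.0.0, time stamp: 0x21475346
Exception code: 0xc0000005 Fault offset: 0x00001a21 Faulting process id: 0xd24 Faulting application
start time: 0x01cb73362b0c4df0 Faulting application path: C:\Users\Jeff\AppData\Local\Temp\win.exe
Faulting module path: C:\Users\Jeff\AppData\Local\Temp\win.exe Report Id: 0d473c70-df34-11df-af23-001ec9565c0f

Error - 10/24/2010 3:40:56 AM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: iexplarer.exe, version: 1.0.0.0, time stamp:
0x21475346 Faulting module name: iexplarer.exe, version: 1.0.0.0, time stamp: 0x21475346
Exception code: 0xc0000005 Fault offset: 0x00001a21 Faulting process id: 0xce0 Faulting application
start time: 0x01cb73362acc37b0 Faulting application path: C:\Users\Jeff\AppData\Local\Temp\iexplarer.exe
Faulting module path: C:\Users\Jeff\AppData\Local\Temp\iexplarer.exe Report Id: 09201fa0-df42-11df-af23-001ec9565c0f
"""

KEY_RE = re.compile(r'^(?:64bit: )?\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)" = (\S+)')
EVENT_RE = re.compile(
    r'Faulting application name: (?P<app>\S+), version: \S+, time stamp: 0x[0-9a-f]+ '
    r'Faulting module name: (?P<mod>\S+), version: (?P<mod_ver>\S+), time stamp: (?P<mod_ts>0x[0-9a-f]+) '
    r'Exception code: 0x[0-9a-f]+ Fault offset: (?P<offset>0x[0-9a-f]+) .*?'
    r'Faulting application path: (?P<app_path>.+?) Faulting module path: (?P<mod_path>.+?)(?: Report Id: \S+)?$')

def parse_registry_values(text):
    """Map (registry key, value name) -> value from OTL's key/value dump."""
    values, key = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            values[(key, m.group(1))] = m.group(2)
    return values

def parse_crash_events(text):
    """Undo OTL's line wrapping of Event ID 1000 entries and extract the crash fields."""
    events = []
    for block in re.split(r'\n\s*\n', text):
        if 'Source = Application Error' in block:
            m = EVENT_RE.search(' '.join(block.split()))
            if m:
                events.append(m.groupdict())
    return events

def triage(text):
    """Findings a responder would raise from an OTL Extras excerpt."""
    findings = []
    for (key, name), val in parse_registry_values(text).items():
        if name == 'DisableSR' and val == '1' and 'Policies' in key:
            findings.append('System Restore disabled by policy: ' + key)
        if name == 'EnableFirewall' and val == '0':
            findings.append('Windows Firewall off for ' + key.rsplit('\\', 1)[-1])
    events = parse_crash_events(text)
    # Copies of one binary dropped under several names crash identically:
    # same module version, same build time stamp, same fault offset.
    clusters = defaultdict(set)
    for ev in events:
        clusters[(ev['mod_ver'], ev['mod_ts'], ev['offset'])].add(ev['app_path'])
    for (ver, ts, off), paths in clusters.items():
        if len(paths) > 1:
            names = ', '.join(sorted(p.rsplit('\\', 1)[-1] for p in paths))
            findings.append(f'Same crash fingerprint (v{ver} ts={ts} off={off}) under {len(paths)} names: {names}')
    # A DLL with no version resource faulting inside rundll32.exe is a lead to pull
    # for analysis, not proof of malice; OTL alone cannot tell the difference.
    for ev in events:
        if ev['app'].lower() == 'rundll32.exe' and ev['mod_ver'] == '0.0.0.0':
            findings.append('rundll32.exe crashed in unversioned module ' + ev['mod_path'])
    return findings

if __name__ == '__main__':
    for finding in triage(SAMPLE_OTL):
        print(finding)
```

Run as a script it prints five findings for the sample: the System Restore policy, the two firewall profiles that are off, the shared crash fingerprint of win.exe and iexplarer.exe, and the unversioned s6wdspbkhh.dll loaded by rundll32.exe. For a real case, pass the full text of the OTL Extras file to triage(); the clustering is what turns a list of differently named Temp-folder crashes into a single "one dropper, many names" observation.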

Re: Help fixing trojan/malware "iexplarer.exe"

Post by goldenmonkey on Mon 25 Oct 2010, 1:20 am

OTL Extras logfile created on: 10/24/2010 9:37:41 AM - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = F:\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.31 Gb Total Space | 24.48 Gb Free Space | 12.54% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 208.43 Gb Free Space | 22.38% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 39.31 Gb Free Space | 2.81% Space Free | Partition Type: NTFS
Drive F: | 736.20 Gb Total Space | 498.36 Gb Free Space | 67.69% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 124.47 Gb Free Space | 13.36% Space Free | Partition Type: NTFS
Drive H: | 465.65 Gb Total Space | 313.93 Gb Free Space | 67.42% Space Free | Partition Type: FAT32
Drive M: | 30.41 Mb Total Space | 15.01 Mb Free Space | 49.36% Space Free | Partition Type: FAT

Computer Name: SEVEN | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SP6" = Logitech SetPoint 6.0
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1B9B4BC3-F63A-4415-B6CC-AA0DEFCC4B21}_is1" = Greasemetal Version 0.2
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F721BB3-3E11-469C-97A3-6B2BEC758F37}" = SageTV
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68D923E0-1244-0F60-6108-2B154B0462D0}" = Comcast Access
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Photo Manager 12
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EFA27A6C-DF46-568B-4BB1-1DBD064F67A8}" = TweetDeck
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Air Video Server" = Air Video Server 2.4.0
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Access
"Dell Webcam Central" = Dell Webcam Central
"Digsby" = Digsby
"doubleTwist" = doubleTwist
"EPSON Scanner" = EPSON Scan
"Everything" = Everything 1.2.1.371
"FileZilla Client" = FileZilla Client 3.3.2.1
"foobar2000" = foobar2000 v1.0.3
"Foxit Reader" = Foxit Reader
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"Handbrake" = Handbrake 0.9.4
"HFSExplorer" = HFSExplorer 0.21
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Standard)
"LastFM_is1" = Last.fm 1.5.4.24567
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.2
"mIRC" = mIRC
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mp3tag" = Mp3tag v2.46a
"NewsLeecher_is1" = NewsLeecher v3.9 Final
"Notepad++" = Notepad++
"Playlist Creator 3.6.2" = Playlist Creator 3.6.2
"QuickPar" = QuickPar 0.9
"Stellar Phoenix NTFS Data Recovery_is1" = Stellar Phoenix NTFS Data Recovery V4.1
"Subsonic" = Subsonic
"TightVNC" = TightVNC 2.0.2
"Trillian" = Trillian
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"VLC media player" = VLC media player 1.0.5
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/23/2010 11:10:09 AM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: s6wdspbkhh.dll, version: 0.0.0.0, time
stamp: 0x4cbf2018 Exception code: 0xc0000005 Fault offset: 0x000018e2 Faulting process
id: 0xfb8 Faulting application start time: 0x01cb72c186644560 Faulting application
path: C:\Windows\SysWOW64\rundll32.exe Faulting module path: C:\Windows\system32\s6wdspbkhh.dll
Report
Id: 9fbd1250-deb7-11df-99f3-001ec9565c0f

Error - 10/23/2010 11:41:37 AM | Computer Name = Seven | Source = Bonjour Service | ID = 100
Description = 272: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/23/2010 5:35:22 PM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: s6wdspbkhh.dll, version: 0.0.0.0, time
stamp: 0x4cbf2018 Exception code: 0xc0000005 Fault offset: 0x000018e2 Faulting process
id: 0xf70 Faulting application start time: 0x01cb72c90c629f70 Faulting application
path: C:\Windows\SysWOW64\rundll32.exe Faulting module path: C:\Windows\system32\s6wdspbkhh.dll
Report
Id: 70294af0-deed-11df-bcf0-001ec9565c0f

Error - 10/24/2010 12:31:24 AM | Computer Name = Seven | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 10/24/2010 12:43:11 AM | Computer Name = Seven | Source = Bonjour Service | ID = 100
Description = 512: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/24/2010 1:04:58 AM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: s6wdspbkhh.dll, version: 0.0.0.0, time
stamp: 0x4cbf2018 Exception code: 0xc0000005 Fault offset: 0x000018e2 Faulting process
id: 0xf08 Faulting application start time: 0x01cb73362e99ba70 Faulting application
path: C:\Windows\SysWOW64\rundll32.exe Faulting module path: C:\Windows\system32\s6wdspbkhh.dll
Report
Id: 3f66a1d0-df2c-11df-af23-001ec9565c0f

Error - 10/24/2010 2:00:50 AM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: win.exe, version: 1.0.0.0, time stamp:
0x21475346 Faulting module name: win.exe, version: 1.0.0.0, time stamp: 0x21475346
Exception
code: 0xc0000005 Fault offset: 0x00001a21 Faulting process id: 0xd24 Faulting application
start time: 0x01cb73362b0c4df0 Faulting application path: C:\Users\Jeff\AppData\Local\Temp\win.exe
Faulting
module path: C:\Users\Jeff\AppData\Local\Temp\win.exe Report Id: 0d473c70-df34-11df-af23-001ec9565c0f

Error - 10/24/2010 2:59:34 AM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: avp32.exe, version: 1.0.0.0, time stamp:
0x21475346 Faulting module name: avp32.exe, version: 1.0.0.0, time stamp: 0x21475346
Exception
code: 0xc0000005 Fault offset: 0x00001a21 Faulting process id: 0xcd0 Faulting application
start time: 0x01cb73362a65fbd0 Faulting application path: C:\Users\Jeff\AppData\Local\Temp\avp32.exe
Faulting
module path: C:\Users\Jeff\AppData\Local\Temp\avp32.exe Report Id: 41c007e0-df3c-11df-af23-001ec9565c0f

Error - 10/24/2010 3:40:56 AM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: iexplarer.exe, version: 1.0.0.0, time stamp:
0x21475346 Faulting module name: iexplarer.exe, version: 1.0.0.0, time stamp: 0x21475346
Exception
code: 0xc0000005 Fault offset: 0x00001a21 Faulting process id: 0xce0 Faulting application
start time: 0x01cb73362acc37b0 Faulting application path: C:\Users\Jeff\AppData\Local\Temp\iexplarer.exe
Faulting
module path: C:\Users\Jeff\AppData\Local\Temp\iexplarer.exe Report Id: 09201fa0-df42-11df-af23-001ec9565c0f

Error - 10/24/2010 3:47:22 AM | Computer Name = Seven | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 1.0.0.0, time stamp:
0x21475346 Faulting module name: winamp.exe, version: 1.0.0.0, time stamp: 0x21475346
Exception
code: 0xc0000005 Fault offset: 0x00001a21 Faulting process id: 0xd14 Faulting application
start time: 0x01cb73362add0090 Faulting application path: C:\Users\Jeff\AppData\Local\Temp\winamp.exe
Faulting
module path: C:\Users\Jeff\AppData\Local\Temp\winamp.exe Report Id: ef37eea0-df42-11df-af23-001ec9565c0f

[ Media Center Events ]
Error - 8/29/2010 5:42:05 PM | Computer Name = Seven | Source = MCUpdate | ID = 0
Description = 5:42:04 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 8/31/2010 5:39:24 AM | Computer Name = Seven | Source = MCUpdate | ID = 0
Description = 5:39:20 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)

[ System Events ]
Error - 10/23/2010 10:49:16 AM | Computer Name = Seven | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 10/23/2010 11:38:19 AM | Computer Name = Seven | Source = DCOM | ID = 10010
Description =

Error - 10/23/2010 11:42:57 AM | Computer Name = Seven | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 10/23/2010 11:43:00 AM | Computer Name = Seven | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 10/23/2010 5:33:41 PM | Computer Name = Seven | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR4.

Error - 10/23/2010 5:33:51 PM | Computer Name = Seven | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 10/23/2010 5:37:58 PM | Computer Name = Seven | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 10/24/2010 12:44:19 AM | Computer Name = Seven | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 10/24/2010 12:44:22 AM | Computer Name = Seven | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 10/24/2010 3:41:18 AM | Computer Name = Seven | Source = DCOM | ID = 10010
Description =


< End of report >

goldenmonkey

Newbie Surfer
Newbie Surfer

Posts : 11
Joined : 2010-10-25
Operating System : windows 7

View user profile

Back to top Go down

Re: Help fixing trojan/malware "iexplarer.exe"

Post by Belahzur on Mon 25 Oct 2010, 11:17 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Help fixing trojan/malware "iexplarer.exe"

Post by goldenmonkey on Mon 25 Oct 2010, 2:21 pm

Here are the log contents. While the main symptoms seem to be gone, it appears as though there are still occasional (but not as frequent) popups. Google Chrome also will not load pages; it simply sticks on 'loading.' Firefox and IE are fine.

Turning in for the night now, will resume tomorrow. Thanks.
Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4938

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/24/2010 10:37:39 PM
mbam-log-2010-10-24 (22-37-39).txt

Scan type: Quick scan
Objects scanned: 140839
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 7
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 31
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
C:\Users\Jeff\AppData\Local\Temp\avp.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\Jeff\AppData\Local\Temp\avp32.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\Jeff\AppData\Local\Temp\setup.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\Jeff\AppData\Local\Temp\win.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\Jeff\AppData\Local\Temp\winamp.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Windows\csrss.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Windows\win.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvcciejlo+ (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvcciejloc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvcciejlora (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvcciejlqb (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvcciejlqc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvcciejlqe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqqyc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqqycdupper.com&p=r0lgodlhyaa8apcaaaaaaaaamwaazgaamqaazaaa/waraaarmwarzgarmqarzaar/wbvaabvmwbv[...]na2ip+zymcvjmeywgcn/szrt
ahvgyu+um4q7yv8nwuyqioax2rch8yz88in3gmiypm9ydpvdvbjbjr9qazdsmjtk+zqztdseuyxq
msv1s5hdzc15+y8dly2gvw8encpayyo2v5wgasobapzt1hxjcrvpzaaiyx2fxuuy8ttxuvanjzwu
myhxg2no51yvst6h+zbwnbeab0ygkzwlutwfkje9tkoefz9ccn1xbszjg1wsqlcccuqd6srjwznl
exahmjjssraggkp/+rudvudc5k1vgtdxajbl+uynazdg8zmfgjkkvhyy4rwrarbdch5kirargr7x
extdhdyhuw5ciimnsj/uw6hhmrid8ovhx4mdd/oohtgnnqu1jearwkwiyno86nsnsjydsgapwaqp
6giznizdhheslejpnmogxkloulomgxgnvsiqtnpld1ljrlmrazgn9nm5obkqusoy4qf0q5o4vhqr
pcy5ariqads= (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqqycsonalift.com&p=[long base64 value name removed] (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqug (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mquuf (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqva (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqvalla/5.0 (windows; u; windows nt 5.1; en-us; rv:1.9.1.9) gecko/20100315 firefox/3.5.9 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqvsc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+kt0nfqaaxms (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvcciejlo+ (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvcciejloc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvcciejlora (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvcciejlqb (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvcciejlqc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvcciejlqe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqqyc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqqycdupper.com&p=[long base64 value name removed] (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqqycsonalift.com&p=[long base64 value name removed] (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqug (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mquuf (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqva (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqvalla/5.0 (windows; u; windows nt 5.1; en-us; rv:1.9.1.9) gecko/20100315 firefox/3.5.9 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqvsc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+kt0nfqaaxms (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Jeff\AppData\Local\Temp\0.6363257705763382.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\0.9622400764700801.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\avp.exe (Trojan.Downloader) -> Delete on reboot.
C:\Users\Jeff\AppData\Local\Temp\avp32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\iexplarer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\iexplorer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\setup.exe (Trojan.Downloader) -> Delete on reboot.
C:\Users\Jeff\AppData\Local\Temp\win.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\winamp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Roaming\Bitrix Security\tuduewai.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\2843344071 (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\csncui.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\s6wdspbkhh.dll (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\ccuddji.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\Temp\kxtkd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Temp\orrm.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Windows\csrss.exe (Trojan.Downloader) -> Delete on reboot.
C:\Windows\win.exe (Trojan.Downloader) -> Delete on reboot.

goldenmonkey
Newbie Surfer

Posts : 11
Joined : 2010-10-25
Operating System : windows 7

Re: Help fixing trojan/malware "iexplarer.exe"

Post by goldenmonkey on Tue 26 Oct 2010, 10:17 am

Update: another run of MBAM shows no issues, however still experiencing popups (new tabs) in firefox and Google Chrome not loading pages at all.

goldenmonkey
Newbie Surfer

Posts : 11
Joined : 2010-10-25
Operating System : windows 7

Re: Help fixing trojan/malware "iexplarer.exe"

Post by Belahzur on Tue 26 Oct 2010, 11:05 am

Hello.
You only posted the Extras.txt log from OTL; please post OTL.txt as well.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Help fixing trojan/malware "iexplarer.exe"

Post by goldenmonkey on Tue 26 Oct 2010, 11:44 am

Belahzur wrote: Hello.
You only posted the Extras.txt log from OTL; please post OTL.txt as well.

Sorry about that... putting it up now (or trying to, won't let me attach)

OTL logfile created on: 10/24/2010 9:37:41 AM - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = F:\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.31 Gb Total Space | 24.48 Gb Free Space | 12.54% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 208.43 Gb Free Space | 22.38% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 39.31 Gb Free Space | 2.81% Space Free | Partition Type: NTFS
Drive F: | 736.20 Gb Total Space | 498.36 Gb Free Space | 67.69% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 124.47 Gb Free Space | 13.36% Space Free | Partition Type: NTFS
Drive H: | 465.65 Gb Total Space | 313.93 Gb Free Space | 67.42% Space Free | Partition Type: FAT32
Drive M: | 30.41 Mb Total Space | 15.01 Mb Free Space | 49.36% Space Free | Partition Type: FAT

Computer Name: SEVEN | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Windows\SysWow64\crypserv.exe
PRC - [2010/10/24 09:35:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.com
PRC - [2010/10/23 15:24:59 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Jeff\AppData\Local\Temp\win.exe
PRC - [2010/10/23 15:24:57 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Jeff\AppData\Local\Temp\setup.exe
PRC - [2010/10/23 13:44:44 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Jeff\AppData\Local\Temp\winamp.exe
PRC - [2010/10/23 13:44:43 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Jeff\AppData\Local\Temp\avp.exe
PRC - [2010/10/23 13:44:42 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Windows\win.exe
PRC - [2010/10/23 13:34:42 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Jeff\AppData\Local\Temp\iexplarer.exe
PRC - [2010/10/23 13:34:42 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Users\Jeff\AppData\Local\Temp\avp32.exe
PRC - [2010/10/23 13:34:41 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Windows\csrss.exe
PRC - [2010/09/19 17:21:18 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/02 00:00:00 | 002,291,552 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
PRC - [2010/08/24 11:39:56 | 004,916,280 | ---- | M] () -- C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
PRC - [2010/07/08 09:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\TightVNC\tvnserver.exe
PRC - [2010/05/31 09:37:53 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2010/05/13 03:41:08 | 000,174,592 | ---- | M] () -- C:\Program Files (x86)\Subsonic\subsonic-service.exe
PRC - [2010/05/13 03:41:08 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Subsonic\subsonic-agent.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 18:00:16 | 000,603,472 | ---- | M] (ACD Systems International Inc.) -- C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe
PRC - [2010/03/24 16:26:02 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
PRC - [2009/11/18 22:39:42 | 007,968,912 | ---- | M] (Ventis Media Inc.) -- C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
PRC - [2009/11/18 04:04:10 | 000,893,192 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\LU\LogitechUpdate.exe
PRC - [2009/11/18 04:03:52 | 000,337,160 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\LU\LULnchr.exe
PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
PRC - [2008/11/04 23:33:32 | 000,307,673 | ---- | M] () -- C:\Program Files (x86)\toggle hidden\ToggleHiddenFiles.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


========== Modules (SafeList) ==========

MOD - [2010/10/24 09:35:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.com
MOD - [2009/11/18 22:40:58 | 000,053,904 | ---- | M] () -- C:\Program Files (x86)\MediaMonkey\MMHelper.dll
MOD - [2009/07/13 21:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 21:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/05/29 10:00:55 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/01/29 17:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV - [2010/07/08 09:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2010/05/29 09:59:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/13 03:41:08 | 000,174,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Subsonic\subsonic-service.exe -- (Subsonic)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/27 12:54:18 | 001,089,536 | ---- | M] (SageTV, LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\SageTV\SageTV\SageTVService.exe -- (SageTV)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/16 08:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/15 10:28:10 | 001,756,672 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2010/03/10 00:00:06 | 000,014,952 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\iPodDrv.sys -- (iPodDrv)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/11/10 07:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/11/10 07:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/03/17 13:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 3B 96 CE DD FE CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {49f3fc85-dcfe-4e42-9301-226ebe658509}:0.6.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.5.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.2.2

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/07/19 13:30:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/07/19 13:30:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/23 10:58:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/19 17:21:19 | 000,000,000 | ---D | M]

[2010/05/31 09:31:44 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Extensions
[2010/10/23 11:59:23 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\04qjin50.default\extensions
[2010/09/19 17:21:23 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\04qjin50.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/08/25 15:59:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\04qjin50.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/25 15:59:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\04qjin50.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/31 09:48:35 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\04qjin50.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/02 19:45:27 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\04qjin50.default\extensions\staged
[2010/08/25 15:59:59 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\04qjin50.default\extensions\sxipper@sxip.com
[2010/07/03 23:00:13 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\6d146epi.jeffOLD\extensions
[2010/06/11 18:38:01 | 000,000,000 | ---D | M] (LinkChecker) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\6d146epi.jeffOLD\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}
[2010/06/11 18:38:01 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\6d146epi.jeffOLD\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/06/11 18:38:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\6d146epi.jeffOLD\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/06/11 18:38:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\6d146epi.jeffOLD\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/11 18:38:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\6d146epi.jeffOLD\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/11 18:38:01 | 000,000,000 | ---D | M] () -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\6d146epi.jeffOLD\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/06/11 18:38:01 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\6d146epi.jeffOLD\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/11 18:38:02 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\6d146epi.jeffOLD\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/06/11 18:38:01 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\6d146epi.jeffOLD\extensions\autofillForms@blueimp.net
[2010/06/11 18:38:01 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\6d146epi.jeffOLD\extensions\smartbookmarksbar@remy.juteau
[2010/06/11 18:38:01 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\6d146epi.jeffOLD\extensions\sxipper@sxip.com
[2010/06/11 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\extensions
[2010/06/11 18:37:43 | 000,000,000 | ---D | M] (LinkChecker) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}
[2010/06/11 18:37:43 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/06/11 18:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/06/11 18:37:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/11 18:37:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/11 18:37:43 | 000,000,000 | ---D | M] () -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/06/11 18:37:43 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/11 18:37:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/06/11 18:37:42 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\extensions\autofillForms@blueimp.net
[2010/06/11 18:37:42 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\extensions\moveplayer@movenetworks.com
[2010/06/11 18:37:42 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\extensions\smartbookmarksbar@remy.juteau
[2010/06/11 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\extensions\sxipper@sxip.com
[2009/06/23 19:09:51 | 000,001,595 | ---- | M] () -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\searchplugins\amazondotcom.xml
[2009/06/23 19:09:51 | 000,001,595 | ---- | M] () -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\searchplugins\ebay.xml
[2008/09/25 14:24:20 | 000,001,504 | ---- | M] () -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\searchplugins\imdb.xml
[2008/09/25 14:24:43 | 000,001,620 | ---- | M] () -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\n7ujhhla.defaultOLDSTUFF\searchplugins\mozilla-add-ons.xml
[2010/10/23 11:59:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/20 11:33:42 | 000,002,209 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2010/07/05 16:36:01 | 000,000,896 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [cwanermxos.exe] C:\Users\Jeff\AppData\Local\Temp\cwanermxos.exe (Корпорация Майкрософт)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [Lvcciejlo+] C:\Users\Jeff\AppData\Local\Temp\avp32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Lvcciejloc] C:\Users\Jeff\AppData\Local\Temp\avp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Lvcciejlora] C:\Users\Jeff\AppData\Local\Temp\iexplarer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Lvcciejlqb] C:\Users\Jeff\AppData\Local\Temp\winamp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Lvcciejlqc] C:\Users\Jeff\AppData\Local\Temp\win.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Lvcciejlqe] C:\Users\Jeff\AppData\Local\Temp\setup.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Lvcciejlrxc] C:\Users\Jeff\AppData\Local\Temp\spoolsv.exe File not found
O4 - HKLM..\Run: [Mqqyc] C:\Windows\csrss.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mqqycdupper.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV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NA2iP+zymcVJmEYWGcn/szrT
aHvGYU+UM4Q7yV8nWUYqIoaX2RCH8YZ88in3gmiypm9ydpVdVBJbJR9QaZdSMjTk+ZQZtDseUyXq
mSv1s5HDZC15+Y8dly2gVw8eNCPAyYo2V5wgASobApZt1HXjCRvpZaAiYx2FxUuy8TTXUVanJZwU
MYhxg2No51yVST6h+ZBWNBEAB0YgkZwLUTwFkje9tkoEFZ9Ccn1XBSZJg1WsQlCcCUQD6SrJwZNl
eXAHmJjssRAgGkp/+RUDVUdc5k1VGTDxAjBl+UyNAzdG8ZMFGjKKVHYy4RWraRBdCh5kiRARGR7x
eXTdhDyhuW5CiimNsj/Uw6HhmRID8ovHX4mDD/OoHtGnnqU1JEaRWkWiYno86nSnsjYdsGapWAqp
6gIzNIZdhHeSleJPnMogxKlOULomGXGNVSiqtNpLd1ljrlmraZGn9NM5OBKqusoY4QF0q5o4vHqr
pcY5ARIQADs=] C:\Windows\csrss.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mqqycsonalift.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV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] C:\Windows\csrss.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mqug] C:\Windows\smss.exe File not found
O4 - HKLM..\Run: [Mquuf] C:\Windows\spoolsv.exe File not found
O4 - HKLM..\Run: [Mqva] C:\Windows\win.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Windows\win.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mqvsc] C:\Windows\winlogon.exe File not found
O4 - HKLM..\Run: [omawrecxsn.exe] C:\Users\Jeff\AppData\Local\Temp\omawrecxsn.exe (Корпорация Майкрософт)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [uPc+kt0NfqaaXms] C:\Windows\SysWow64\s6wdspbkhh.DLL ()
O4 - HKCU..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe ()
O4 - HKCU..\Run: [Device Detector] File not found
O4 - HKCU..\Run: [Lvcciejlo+] C:\Users\Jeff\AppData\Local\Temp\avp32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvcciejloc] C:\Users\Jeff\AppData\Local\Temp\avp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvcciejlora] C:\Users\Jeff\AppData\Local\Temp\iexplarer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvcciejlqb] C:\Users\Jeff\AppData\Local\Temp\winamp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvcciejlqc] C:\Users\Jeff\AppData\Local\Temp\win.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvcciejlqe] C:\Users\Jeff\AppData\Local\Temp\setup.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvcciejlrxc] C:\Users\Jeff\AppData\Local\Temp\spoolsv.exe File not found
O4 - HKCU..\Run: [Mqqyc] C:\Windows\csrss.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Mqqycdupper.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV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NA2iP+zymcVJmEYWGcn/szrT
aHvGYU+UM4Q7yV8nWUYqIoaX2RCH8YZ88in3gmiypm9ydpVdVBJbJR9QaZdSMjTk+ZQZtDseUyXq
mSv1s5HDZC15+Y8dly2gVw8eNCPAyYo2V5wgASobApZt1HXjCRvpZaAiYx2FxUuy8TTXUVanJZwU
MYhxg2No51yVST6h+ZBWNBEAB0YgkZwLUTwFkje9tkoEFZ9Ccn1XBSZJg1WsQlCcCUQD6SrJwZNl
eXAHmJjssRAgGkp/+RUDVUdc5k1VGTDxAjBl+UyNAzdG8ZMFGjKKVHYy4RWraRBdCh5kiRARGR7x
eXTdhDyhuW5CiimNsj/Uw6HhmRID8ovHX4mDD/OoHtGnnqU1JEaRWkWiYno86nSnsjYdsGapWAqp
6gIzNIZdhHeSleJPnMogxKlOULomGXGNVSiqtNpLd1ljrlmraZGn9NM5OBKqusoY4QF0q5o4vHqr
pcY5ARIQADs=] C:\Windows\csrss.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Mqqycsonalift.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV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] C:\Windows\csrss.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Mqug] C:\Windows\smss.exe File not found
O4 - HKCU..\Run: [Mquuf] C:\Windows\spoolsv.exe File not found
O4 - HKCU..\Run: [Mqva] C:\Windows\win.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Windows\win.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Mqvsc] C:\Windows\winlogon.exe File not found
O4 - HKCU..\Run: [uPc+kt0NfqaaXms] C:\Windows\SysWow64\s6wdspbkhh.DLL ()
O4 - Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe ()
O4 - Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE File not found
O4 - Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ToggleHiddenFiles.exe - Shortcut.lnk = C:\Program Files (x86)\toggle hidden\ToggleHiddenFiles.exe ()
O4 - Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: FastUserSwitchingCompatibility - C:\Windows\SysNative\FastUv32.dll File not found
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group



Last edited by goldenmonkey on Tue 26 Oct 2010, 11:50 am; edited 3 times in total

goldenmonkey

Newbie Surfer

Posts : 11
Joined : 2010-10-25
Operating System : windows 7

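
Editor's note on the log above (an added example, not part of goldenmonkey's post and not OTL code). The O4 section carries several indicators that should be read together: Run values in both HKLM and HKCU that launch from the user's AppData\Local\Temp while claiming "Microsoft Corporation" (two of them with the company string in Russian); copies of csrss.exe and win.exe in C:\Windows rather than System32, created within minutes of each other and marked hidden, plus a C:\Windows\cmd.exe with no version information modified in the same minute as s6wdspbkhh.dll; dangling Run entries for smss.exe, winlogon.exe and spoolsv.exe whose files are already gone; Run value names stuffed with junk (the "R0lGODlh" prefix is the base64 encoding of the bytes "GIF89a", and one value name is a Firefox user-agent string with its first letters overwritten); a Run target that is a DLL; a loopback HTTP proxy on port 5577 in the IE settings (ProxyEnable is 0 at the moment of the log, but a local proxy is the usual mechanism behind the search redirects and injected script errors the poster describes); and policies that switch off UAC, regedit and Folder Options. The Python script below is the editor's, runs offline over lines copied from this log (the long base64 value names are truncated, and OTL's wrapping of them over several lines is not reassembled), and flags exactly those patterns. Its heuristics and the names `triage`, `check_run_entry` and `split_target` are the example's own, not OTL's.

```python
"""Triage of OTL autorun (O4), policy (O6/O7) and IE proxy lines.

Editor's added example, not code from the original post or from OTL.
SAMPLE is copied from the log on this page; the long base64 value names
are truncated here, and OTL's multi-line wrapping of them is not handled.
"""
import re
from typing import List, NamedTuple, Optional, Tuple


class Finding(NamedTuple):
    line: str
    reason: str


# Core processes that legitimately live only under the system directory.
SYSTEM_PROCS = {"csrss.exe", "smss.exe", "winlogon.exe", "spoolsv.exe",
                "lsass.exe", "services.exe", "svchost.exe", "wininit.exe"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\",
               "\\windows\\sysnative\\")

O4_RE = re.compile(r"^O4(?::64bit:)? - HK[LC][MU]\.\.\\Run: \[(.*)\] (.+)$")
POLICY_RE = re.compile(r"^O[67] - HK[LC][MU]\\.*\\policies\\(\w+): (\w+) = (\d+)$")
PROXY_RE = re.compile(r'"ProxyServer" = (\S+)$')

# Policy values a home user rarely sets; each one removes a hurdle for the
# malware or takes away a tool the user would need for clean-up.
BAD_POLICIES = {
    ("System", "EnableLUA", "0"): "UAC disabled",
    ("System", "ConsentPromptBehaviorAdmin", "0"): "admin elevation without prompt",
    ("System", "DisableRegistryTools", "1"): "regedit blocked",
    ("Explorer", "NoFolderOptions", "1"): "Folder Options hidden",
}


def split_target(rest: str) -> Tuple[str, Optional[str], bool]:
    """Split OTL's '<path> (<company>)' or '<path> File not found' tail."""
    if rest.endswith("File not found"):
        return rest[:-len("File not found")].strip(), None, True
    m = re.match(r"^(.*) \(([^()]*)\)$", rest)   # company is the LAST (...)
    return (m.group(1), m.group(2), False) if m else (rest, None, False)


def check_run_entry(name: str, rest: str) -> List[str]:
    """Heuristics (the editor's, not OTL's) for one Run value."""
    reasons = []
    path, company, missing = split_target(rest)
    low = path.lower()
    exe = low.rsplit("\\", 1)[-1]
    if "\\appdata\\local\\temp\\" in low:
        reasons.append("autorun from the user's Temp folder")
    if exe in SYSTEM_PROCS and not any(d in low for d in SYSTEM_DIRS):
        reasons.append("system process name outside the system directory"
                       + (" (file already gone)" if missing else ""))
    if re.fullmatch(r"c:\\windows\\[^\\]+", low):
        reasons.append("launched from the Windows directory root")
    if exe.endswith(".dll"):
        reasons.append("Run target is a DLL, not an executable")
    if company in ("Microsoft Corporation", "Корпорация Майкрософт") \
            and not low.startswith(("c:\\windows\\", "c:\\program files")):
        reasons.append("claims Microsoft but lives outside Windows/Program Files")
    if re.search(r"[^\w .{}\-+]", name) or len(name) > 64:
        reasons.append("junk in the Run value name")
    if "R0lGODlh" in name:            # base64 of the six bytes 'GIF89a'
        reasons.append("value name carries a base64-encoded GIF header")
    return reasons


def triage(lines) -> List[Finding]:
    """Run every line through the three parsers; unmatched lines are ignored."""
    out: List[Finding] = []
    for line in (l.rstrip() for l in lines):
        m = O4_RE.match(line)
        if m:
            out += [Finding(line, r) for r in check_run_entry(m.group(1), m.group(2))]
            continue
        m = POLICY_RE.match(line)
        if m and m.groups() in BAD_POLICIES:
            out.append(Finding(line, BAD_POLICIES[m.groups()]))
            continue
        m = PROXY_RE.search(line)   # "http=127.0.0.1:5577" -> host after the '='
        if m and m.group(1).split("=")[-1].startswith(("127.", "localhost")):
            out.append(Finding(line, "browser proxied through a local port"))
    return out


# Constructed sample: lines copied from the OTL log in this thread.
SAMPLE = r"""
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [cwanermxos.exe] C:\Users\Jeff\AppData\Local\Temp\cwanermxos.exe (Корпорация Майкрософт)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [Lvcciejlora] C:\Users\Jeff\AppData\Local\Temp\iexplarer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mqqyc] C:\Windows\csrss.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mqqycsonalift.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV] C:\Windows\csrss.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Mqug] C:\Windows\smss.exe File not found
O4 - HKLM..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Windows\win.exe (Microsoft Corporation)
O4 - HKLM..\Run: [uPc+kt0NfqaaXms] C:\Windows\SysWow64\s6wdspbkhh.DLL ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.reason:60} {f.line[:70]}")
```

Run it as-is to print the findings; for a full OTL log pass `open(path, encoding="utf-8")` to `triage()`. It is a reading aid, not a cleaner: the OTL fix script the helper posts is the remediation, and since the log shows UAC off and the droppers registered under HKLM, the malware ran with administrative rights, which is the usual reason forum helpers end such threads by recommending a reinstall once the data is backed up.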

Re: Help fixing trojan/malware "iexplarer.exe"

Post by goldenmonkey on Tue 26 Oct 2010, 11:45 am

SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.ACDV - File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/10/23 13:44:42 | 000,021,636 | -H-- | C] (Microsoft Corporation) -- C:\Windows\win.exe
[2010/10/23 13:34:41 | 000,021,636 | -H-- | C] (Microsoft Corporation) -- C:\Windows\csrss.exe
[2010/10/23 04:21:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/23 04:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WSTB
[2010/10/22 04:19:20 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\Bitrix Security
[2010/10/21 23:44:05 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\04D8EC41D865A662AF7ABF8417BD1C7C
[2010/10/18 16:31:49 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\dvdcss
[2010/10/16 10:25:33 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\ElevatedDiagnostics
[2010/10/14 22:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweetDeck

========== Files - Modified Within 30 Days ==========

[2010/10/24 09:18:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/24 08:40:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3811464812-1423854192-2135472045-1001UA.job
[2010/10/24 04:18:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/24 00:51:49 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/24 00:51:49 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/24 00:50:14 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/24 00:50:14 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/24 00:50:14 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/24 00:44:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/24 00:44:04 | 3219,234,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/23 23:40:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3811464812-1423854192-2135472045-1001Core.job
[2010/10/23 13:44:42 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Windows\win.exe
[2010/10/23 13:34:41 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\Windows\csrss.exe
[2010/10/23 04:19:33 | 000,021,632 | ---- | M] () -- C:\Windows\cmd.exe
[2010/10/23 04:19:32 | 000,030,000 | ---- | M] () -- C:\Windows\SysWow64\s6wdspbkhh.dll
[2010/10/17 20:19:09 | 000,001,275 | ---- | M] () -- C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/10/09 21:22:55 | 000,000,165 | -H-- | M] () -- C:\Users\Jeff\Documents\~$Financesnew.xlsx
[2010/10/06 21:59:05 | 000,010,192 | ---- | M] () -- C:\Users\Jeff\Documents\dmb fall 2010 spreadsheet.xlsx
[2010/10/06 21:59:01 | 000,017,169 | ---- | M] () -- C:\Users\Jeff\Documents\Financesnew.xlsx
[2010/10/06 16:57:52 | 011,270,842 | ---- | M] () -- C:\Users\Jeff\Desktop\Umphrey_s McGee -- Wellwishers.mp3
[2010/09/26 13:31:04 | 002,582,628 | ---- | M] () -- C:\Users\Jeff\Desktop\IMG_4067.JPG

========== Files Created - No Company Name ==========

[2010/10/23 04:19:37 | 000,021,632 | ---- | C] () -- C:\Windows\cmd.exe
[2010/10/23 04:19:32 | 000,030,000 | ---- | C] () -- C:\Windows\SysWow64\s6wdspbkhh.dll
[2010/10/09 21:22:55 | 000,000,165 | -H-- | C] () -- C:\Users\Jeff\Documents\~$Financesnew.xlsx
[2010/10/06 16:57:45 | 011,270,842 | ---- | C] () -- C:\Users\Jeff\Desktop\Umphrey_s McGee -- Wellwishers.mp3
[2010/09/26 14:24:24 | 002,582,628 | ---- | C] () -- C:\Users\Jeff\Desktop\IMG_4067.JPG
[2010/09/25 13:00:59 | 000,010,192 | ---- | C] () -- C:\Users\Jeff\Documents\dmb fall 2010 spreadsheet.xlsx
[2010/07/19 15:06:56 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/07/12 13:07:52 | 000,000,442 | ---- | C] () -- C:\Windows\{1F721BB3-3E11-469C-97A3-6B2BEC758F37}_WiseFW.ini
[2010/07/12 12:37:56 | 000,010,592 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010/05/30 16:09:59 | 000,000,068 | ---- | C] () -- C:\Windows\spn.INI
[2010/05/30 16:09:51 | 000,000,074 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010/05/30 16:09:48 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010/05/30 14:25:09 | 000,020,480 | ---- | C] () -- C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2002/10/11 17:21:46 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\FixP4.dll
[2002/08/26 22:05:44 | 000,045,056 | R--- | C] () -- C:\Windows\SysWow64\ksProptyUtl.dll
[1999/05/26 20:13:14 | 000,160,256 | ---- | C] () -- C:\Windows\SysWow64\Mase32.dll
[1999/05/26 20:12:28 | 000,060,928 | ---- | C] () -- C:\Windows\SysWow64\Ma32.dll

========== Custom Scans ==========

goldenmonkey

Newbie Surfer

Posts : 11
Joined : 2010-10-25
Operating System : windows 7

Re: Help fixing trojan/malware "iexplarer.exe"

Post by goldenmonkey on Tue 26 Oct 2010, 11:52 am



< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/08/30 16:55:20 | 000,000,003 | ---- | M] () -- C:\7Loader.TAG
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/05/29 02:47:49 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/05/28 23:59:54 | 000,203,316 | RHS- | M] () -- C:\grldr
[2010/10/24 00:44:04 | 3219,234,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/24 00:44:09 | 4292,317,184 | -HS- | M] () -- C:\pagefile.sys
[2010/07/05 12:33:50 | 000,000,372 | ---- | M] () -- C:\rkill.log
[2010/05/29 00:00:12 | 000,000,003 | RHS- | M] () -- C:\win7ldr

< %PROGRAMFILES%\*. >
[2010/05/30 20:17:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ACD Systems
[2010/07/03 23:00:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/05/29 10:02:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe Media Player
[2010/05/31 09:37:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AirVideoServer
[2010/08/24 00:08:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Amazon
[2010/05/30 18:18:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/07/19 13:30:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bing Bar Installer
[2010/05/30 18:18:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/07/03 23:02:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ComcastAccess
[2010/09/04 00:37:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/08/01 11:54:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2010/08/01 11:52:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative Live! Cam
[2010/08/01 11:53:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Webcam
[2010/08/10 23:37:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Digsby
[2010/06/08 23:03:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\doubleTwist 2.0
[2010/05/31 09:30:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\epson
[2010/10/21 23:55:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Everything
[2010/05/30 11:06:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FileZilla FTP Client
[2010/05/30 10:59:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\foobar2000
[2010/05/30 20:24:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Foxit Software
[2010/09/17 02:13:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/05/29 00:59:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GrabIt
[2010/05/29 01:15:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Greasemetal
[2010/05/31 09:32:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Handbrake
[2010/06/11 15:49:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HFSExplorer
[2010/09/04 00:39:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HTC
[2010/08/15 12:33:13 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/05/30 18:18:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/05/31 10:38:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/05/31 09:37:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/07/19 15:07:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\K-Lite Codec Pack
[2010/05/31 10:38:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Last.fm
[2010/08/15 12:33:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Logitech
[2010/05/29 10:23:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MagicISO
[2010/07/05 13:38:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/09 09:17:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MediaMonkey
[2010/07/19 13:30:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/05/29 10:35:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/05/29 10:35:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/10/23 04:21:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/05/29 10:36:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/05/29 10:38:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/05/31 20:40:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mIRC
[2010/10/24 00:45:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2010/05/30 11:02:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mp3tag
[2010/05/29 10:38:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/07/19 13:30:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN Toolbar
[2010/07/05 16:35:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NewsLeecher
[2010/05/30 11:15:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Notepad++
[2010/06/12 16:23:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Peggle Extreme
[2010/09/13 21:28:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Playlist Creator 3.6.2
[2010/05/30 19:50:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickPar
[2010/05/30 18:18:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/07/12 13:07:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SageTV
[2010/05/29 10:48:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Seagate
[2010/07/12 12:55:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sony
[2010/07/12 12:51:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sony Setup
[2010/09/04 00:36:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spirent Communications
[2010/05/30 16:09:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Stellar Phoenix NTFS Data Recovery
[2010/08/16 19:37:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Subsonic
[2010/07/27 12:45:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TightVNC
[2010/05/30 19:41:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\toggle hidden
[2010/10/24 00:44:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trillian
[2010/10/14 22:42:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TweetDeck
[2009/07/14 00:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/06/16 14:10:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2010/07/12 12:55:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vstplugins
[2010/07/19 14:01:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Win7codecs
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/05/31 10:38:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 01:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/07/12 12:39:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinTV
[2010/08/20 16:29:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!

< %appdata%\*.* >


Re: Help fixing trojan/malware "iexplarer.exe"

Post by goldenmonkey on Tue 26 Oct 2010, 11:52 am



< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/13 21:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 21:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll


Re: Help fixing trojan/malware "iexplarer.exe"

Post by goldenmonkey on Tue 26 Oct 2010, 11:53 am


< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll


Re: Help fixing trojan/malware "iexplarer.exe"

Post by goldenmonkey on Tue 26 Oct 2010, 11:53 am


< MD5 for: USBSTOR.SYS >
[2009/07/13 20:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009/07/13 20:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS


Re: Help fixing trojan/malware "iexplarer.exe"

Post by goldenmonkey on Tue 26 Oct 2010, 11:54 am

There's the whole thing. I kept getting server reset errors until I reduced the text. Only way I was seemingly able to post it... Sorry, odd.


Re: Help fixing trojan/malware "iexplarer.exe"

Post by Belahzur on Wed 27 Oct 2010, 10:52 am

Hello.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
