Cant connect to any antivrus websites

Question

AnnieJo 0 Newbie Poster

12 Years Ago

I can not connect to any antivrus websites. I am trying to download Microsoft Security Essentials and I keep getting an error message that says My computer cannot connect to the microsoft server. I also tried going to the AVG site and received the same error message. I do not know a lot about computers so please be very specific with your advice. Thank you in advance! Oh, and I am using a windows XP operating system and Firefox browser. I dont have access to any other computer at this time, so I am using the infected computer to access this site.

antivirus message microsoft windows-virus

2 Contributors
31 Replies
571 Views
3 Days Discussion Span
Latest Post 12 Years Ago Latest Post by AnnieJo

All 31 Replies

PhilliePhan 171 Central Scrutinizer

12 Years Ago

Hi AnnieJo,

Are you able to run the MBAM and the GMER scan as directed in the Read Me First post?
If so, please post the results.

Likewise, see if you are able to access, download and run http://public.avast.com/~gmerek/aswMBR.htm as directed by the linked page.

Let us know how you fare.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer

12 Years Ago

I dont know how to attach the other file that is supposed to be a ZIP file.

Just copy and paste it - we prefer all logs to be pasted into your replies.

What about the other tools I mentioned?
You have some baddies showing that we need to try to pin down. We need to see those logs, if possible.

PP:)

Edited 12 Years Ago by PhilliePhan because: n/a

PhilliePhan 171 Central Scrutinizer

12 Years Ago

If there is anything else I can do please let me know. I appreciate your willingness to help out!

You are doing fine so far - the malware is making life a bit difficult. The main thing I wanted to see was the GMER log and it shows me what I need to see.

--- In all honesty, since you have a rootkit onboard and are running XP with SP2, you may be best served backing up your important data and then wiping the hard drive and reinstalling Windows and then updating it to SP3.

If you'd prefer to try to clean this machine, we can try - but I still recommend backing up any important data beforehand - pictures, music, documents etc...

If you want to go ahead with the cleaning process, please follow the steps in the link below to run combofix. Be sure to install the Recovery Console.
Once combofix finishes, please post the resulting log and we'll go from there:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Let me know if you have any trouble - I'll try to check back tonight, EST.

PP:)

PhilliePhan 171 Central Scrutinizer

12 Years Ago

Wow - this machine has collected a ton of malware.
Not as much as the MBAM log might indicate because a lot of those changes were made by one baddie.
But, still, there were a lot of baddies - many should have been cleaned via regular preventive maintenance....

--- Anyhoo, don't do anything else except run combofix as I mentioned in my last post. We need to see if it will remove the worst offender.
So, run combofix as the linky directs and post the resulting log for me.

I don't think it'll come to a reinstall of OS unless you choose to go that way. But, once the machine has been cleaned as best we can do, it'll need to be updated to SP3. But, you need to WAIT until the machine is clean before doing that.

PP:)

Edited 12 Years Ago by PhilliePhan because: n/a

PhilliePhan 171 Central Scrutinizer

12 Years Ago

I havent had a chance to back up any of my pictures yet. Hoping to have this done tomorrow. do you know if I send all the photo files in a zip folder to my e-mail will I be able to recover those pictures once my computer is running correctly again? I just dont want to run the combofix and risk losing all my documents.

Your best bet would be to use an external hard drive. Or, burn them to DVD or CD.

Frankly, investing in a good, large external hard drive is a good idea. That is the easiest and best way to keep all your important data safe. It is especially easy if you use a drive such as Seagate FreeAgent GoFlex - Though you might want a larger capacity drive.

It is always a good idea to have backups in the event disaster strikes.

-- Running combofix is not going to damage your pictures, etc...
Even on the tiny tiny tiny verrrry remote chance it wrecks your operating system, I should still be able to help you recover your data. So, don't worry about that.

PP:)

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

AnnieJo 0 Newbie Poster · Answer 1 · 2012-01-23T04:21:40+00:00

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_30
Run by Owner at 17:10:27 on 2012-01-22
.
============== Running Processes ===============
.
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Application Data\3656f0\MP365_8039.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\ClamWin\bin\ClamWin.exe
C:\Program Files\ClamWin\bin\clamscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\PC Cleaner\PCCleaner.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds(1).scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5a6c6395-d965-4200-a12f-336319932881} - c:\windows\system32\mlJBtssS.dll
BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5825.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {eec73ea5-1367-49d1-93f4-ca1d8c22e9f9} - c:\windows\system32\ddcYoOfc.dll
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: FLYLADY BenefitBar: {e19e589b-749f-4641-9ed3-032deb7a8d92} - c:\program files\benefitbarie\benefitbar.dll
TB: {57ABA3CE-E927-4C81-BE2E-E20CAEC6645F} - No File
TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Malware Protection Center] "c:\documents and settings\all users\application data\3656f0\MP365_8039.exe" /s /d
uRun: [PC Cleaner] c:\program files\pc cleaner\PCCLauncher.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [APVXDWIN] "c:\program files\panda software\panda internet security 2007\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda software\panda internet security 2007\Inicio.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 0 = msseces.exe
uPolicies-disallowrun: 1 = MSASCui.exe
uPolicies-disallowrun: 2 = ekrn.exe
uPolicies-disallowrun: 3 = egui.exe
uPolicies-disallowrun: 4 = avgnt.exe
uPolicies-disallowrun: 5 = avcenter.exe
uPolicies-disallowrun: 6 = avscan.exe
uPolicies-disallowrun: 7 = avgfrw.exe
uPolicies-disallowrun: 8 = avgui.exe
uPolicies-disallowrun: 9 = avgtray.exe
uPolicies-disallowrun: 10 = avgscanx.exe
uPolicies-disallowrun: 11 = avgcfgex.exe
uPolicies-disallowrun: 12 = avgemc.exe
uPolicies-disallowrun: 13 = avgchsvx.exe
uPolicies-disallowrun: 14 = avgcmgr.exe
uPolicies-disallowrun: 15 = avgwdsvc.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &Search - http://tbedits.couponalert.com/one-toolbaredits/menusearch.jhtml?s=100000487&p=CDxdm014YYus&si=107645&a=D4B11C63-DF94-4020-AF64-777BC49AC202&n=2011040108
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\panda software\panda internet security 2007\pavlsp.dll
Trusted Zone: bravenet.com
Trusted Zone: bravenet.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{60CBB49C-78D1-4370-A9F3-6641722D595A} : DhcpNameServer = 192.168.254.254 192.168.254.254
Notify: avldr - avldr.dll
Notify: ddcYoOfc - ddcYoOfc.dll
Notify: igfxcui - igfxsrvc.dll
SEH: {eec73ea5-1367-49d1-93f4-ca1d8c22e9f9} - c:\windows\system32\ddcYoOfc.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJBtssS
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\mahfyajt.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?l=dis&o=41648007&gct=kwd&qsrc=2869&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^8M&apn_uid=3272969793574704&p2=^8M^YYYYYY^YY^US&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\mahfyajt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-01-22 22:07:39 -------- d-----w- c:\documents and settings\owner\application data\RegistryKeys
2012-01-22 22:07:39 -------- d-----w- c:\documents and settings\owner\application data\PC Cleaner
2012-01-22 22:07:05 -------- d-----w- c:\program files\PC Cleaner
2012-01-22 16:31:34 -------- d-----w- c:\documents and settings\owner\application data\.clamwin
2012-01-22 16:30:47 -------- d-----w- c:\program files\ClamWin
2012-01-22 16:30:47 -------- d-----w- c:\documents and settings\all users\.clamwin
2012-01-22 14:24:19 -------- d-sh--w- c:\documents and settings\owner\application data\Malware Protection Center
2012-01-22 14:23:54 -------- d-sh--w- c:\documents and settings\all users\application data\MPNJWLKAC
2012-01-22 14:21:03 -------- d-sh--w- c:\documents and settings\all users\application data\3656f0
2012-01-11 18:14:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-29 17:02:13 18560 ----a-w- c:\windows\system32\drivers\FlyUsb.sys
2011-12-27 22:52:41 -------- d-----w- c:\documents and settings\owner\application data\vmntemplate
2011-12-27 22:21:56 -------- d-----w- c:\documents and settings\owner\application data\Ask.com
2011-12-27 22:16:15 -------- d-----w- c:\documents and settings\owner\application data\MP3Rocket
2011-12-26 20:01:07 -------- d-----w- c:\program files\LeapFrog
2011-12-26 20:01:07 -------- d-----w- c:\documents and settings\all users\application data\Leapfrog
.
==================== Find3M ====================
.
2011-11-10 10:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 08:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82FDCAB8]
3 CLASSPNP[0xF877805B] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x82F8AD98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 17:15:45.60 ===============

AnnieJo 0 Newbie Poster · Answer 2 · 2012-01-23T04:38:50+00:00

I dont know how to attach the other file that is supposed to be a ZIP file. How do I make it a ZIP file? I've saved it to my computer for now, so I can post that as soon as someone can tell me how to do it. Thanks... Also, I could not connect to the microsoft site to do the other scan.

AnnieJo 0 Newbie Poster · Answer 3 · 2012-01-23T20:27:51+00:00

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/8/2007 11:48:21 AM
System Uptime: 1/22/2012 9:28:39 AM (8 hours ago)
.
Motherboard: Dell Computer Corp. | | 0F5949
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2392/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 54.509 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== Image File Execution Options =============
.
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
IFEO: ackwin32.exe - svchost.exe
IFEO: Ad-Aware.exe - svchost.exe
IFEO: adaware.exe - svchost.exe
IFEO: advxdwin.exe - svchost.exe
IFEO: AdwarePrj.exe - svchost.exe
IFEO: agent.exe - svchost.exe
IFEO: agentsvr.exe - svchost.exe
IFEO: agentw.exe - svchost.exe
IFEO: alertsvc.exe - svchost.exe
IFEO: alevir.exe - svchost.exe
IFEO: alogserv.exe - svchost.exe
IFEO: AlphaAV - svchost.exe
IFEO: AlphaAV.exe - svchost.exe
IFEO: AluSchedulerSvc.exe - svchost.exe
IFEO: amon9x.exe - svchost.exe
IFEO: anti-trojan.exe - svchost.exe
IFEO: Anti-Virus Professional.exe - svchost.exe
IFEO: AntispywarXP2009.exe - svchost.exe
IFEO: antivirus.exe - svchost.exe
IFEO: AntivirusPlus - svchost.exe
IFEO: AntivirusPlus.exe - svchost.exe
IFEO: AntivirusPro_2010.exe - svchost.exe
IFEO: AntivirusXP - svchost.exe
IFEO: AntivirusXP.exe - svchost.exe
IFEO: antivirusxppro2009.exe - svchost.exe
IFEO: AntiVirus_Pro.exe - svchost.exe
IFEO: ants.exe - svchost.exe
IFEO: apimonitor.exe - svchost.exe
IFEO: aplica32.exe - svchost.exe
IFEO: apvxdwin.exe - svchost.exe
IFEO: arr.exe - svchost.exe
IFEO: Arrakis3.exe - svchost.exe
IFEO: ashAvast.exe - svchost.exe
IFEO: ashBug.exe - svchost.exe
IFEO: ashChest.exe - svchost.exe
IFEO: ashCnsnt.exe - svchost.exe
IFEO: ashDisp.exe - svchost.exe
IFEO: ashLogV.exe - svchost.exe
IFEO: ashMaiSv.exe - svchost.exe
IFEO: ashPopWz.exe - svchost.exe
IFEO: ashQuick.exe - svchost.exe
IFEO: ashServ.exe - svchost.exe
IFEO: ashSimp2.exe - svchost.exe
IFEO: ashSimpl.exe - svchost.exe
IFEO: ashSkPcc.exe - svchost.exe
IFEO: ashSkPck.exe - svchost.exe
IFEO: ashUpd.exe - svchost.exe
IFEO: ashWebSv.exe - svchost.exe
IFEO: aswChLic.exe - svchost.exe
IFEO: aswRegSvr.exe - svchost.exe
IFEO: aswRunDll.exe - svchost.exe
IFEO: aswUpdSv.exe - svchost.exe
IFEO: atcon.exe - svchost.exe
IFEO: atguard.exe - svchost.exe
IFEO: atro55en.exe - svchost.exe
IFEO: atupdater.exe - svchost.exe
IFEO: atwatch.exe - svchost.exe
IFEO: au.exe - svchost.exe
IFEO: aupdate.exe - svchost.exe
IFEO: auto-protect.nav80try.exe - svchost.exe
IFEO: autodown.exe - svchost.exe
IFEO: autotrace.exe - svchost.exe
IFEO: autoupdate.exe - svchost.exe
IFEO: av360.exe - svchost.exe
IFEO: avadmin.exe - svchost.exe
IFEO: AVCare.exe - svchost.exe
IFEO: avcenter.exe - svchost.exe
IFEO: avciman.exe - svchost.exe
IFEO: avconfig.exe - svchost.exe
IFEO: avconsol.exe - svchost.exe
IFEO: ave32.exe - svchost.exe
IFEO: AVENGINE.EXE - svchost.exe
IFEO: avgcc32.exe - svchost.exe
IFEO: avgchk.exe - svchost.exe
IFEO: avgcmgr.exe - svchost.exe
IFEO: avgcsrvx.exe - svchost.exe
IFEO: avgctrl.exe - svchost.exe
IFEO: avgdumpx.exe - svchost.exe
IFEO: avgemc.exe - svchost.exe
IFEO: avgiproxy.exe - svchost.exe
IFEO: avgnsx.exe - svchost.exe
IFEO: avgnt.exe - svchost.exe
IFEO: avgrsx.exe - svchost.exe
IFEO: avgscanx.exe - svchost.exe
IFEO: avgserv.exe - svchost.exe
IFEO: avgserv9.exe - svchost.exe
IFEO: avgsrmax.exe - svchost.exe
IFEO: avgtray.exe - svchost.exe
IFEO: avgui.exe - svchost.exe
IFEO: avgupd.exe - svchost.exe
IFEO: avgw.exe - svchost.exe
IFEO: avgwdsvc.exe - svchost.exe
IFEO: avkpop.exe - svchost.exe
IFEO: avkserv.exe - svchost.exe
IFEO: avkservice.exe - svchost.exe
IFEO: avkwctl9.exe - svchost.exe
IFEO: avltmain.exe - svchost.exe
IFEO: avmailc.exe - svchost.exe
IFEO: avmcdlg.exe - svchost.exe
IFEO: avnotify.exe - svchost.exe
IFEO: avnt.exe - svchost.exe
IFEO: avp32.exe - svchost.exe
IFEO: avpcc.exe - svchost.exe
IFEO: avpdos32.exe - svchost.exe
IFEO: avpm.exe - svchost.exe
IFEO: avptc32.exe - svchost.exe
IFEO: avpupd.exe - svchost.exe
IFEO: avsched32.exe - svchost.exe
IFEO: avsynmgr.exe - svchost.exe
IFEO: avupgsvc.exe - svchost.exe
IFEO: AVWEBGRD.EXE - svchost.exe
IFEO: avwin.exe - svchost.exe
IFEO: avwin95.exe - svchost.exe
IFEO: avwinnt.exe - svchost.exe
IFEO: avwsc.exe - svchost.exe
IFEO: avwupd.exe - svchost.exe
IFEO: avwupd32.exe - svchost.exe
IFEO: avwupsrv.exe - svchost.exe
IFEO: avxmonitor9x.exe - svchost.exe
IFEO: avxmonitornt.exe - svchost.exe
IFEO: avxquar.exe - svchost.exe
IFEO: b.exe - svchost.exe
IFEO: backweb.exe - svchost.exe
IFEO: bargains.exe - svchost.exe
IFEO: bdagent.exe - svchost.exe
IFEO: bdfvcl.exe - svchost.exe
IFEO: bdfvwiz.exe - svchost.exe
IFEO: BDInProcPatch.exe - svchost.exe
IFEO: bdmcon.exe - svchost.exe
IFEO: BDMsnScan.exe - svchost.exe
IFEO: bdreinit.exe - svchost.exe
IFEO: bdsubwiz.exe - svchost.exe
IFEO: BDSurvey.exe - svchost.exe
IFEO: bdtkexec.exe - svchost.exe
IFEO: bdwizreg.exe - svchost.exe
IFEO: bd_professional.exe - svchost.exe
IFEO: beagle.exe - svchost.exe
IFEO: belt.exe - svchost.exe
IFEO: bidef.exe - svchost.exe
IFEO: bidserver.exe - svchost.exe
IFEO: bipcp.exe - svchost.exe
IFEO: bipcpevalsetup.exe - svchost.exe
IFEO: bisp.exe - svchost.exe
IFEO: blackd.exe - svchost.exe
IFEO: blackice.exe - svchost.exe
IFEO: blink.exe - svchost.exe
IFEO: blss.exe - svchost.exe
IFEO: bootconf.exe - svchost.exe
IFEO: bootwarn.exe - svchost.exe
IFEO: borg2.exe - svchost.exe
IFEO: bpc.exe - svchost.exe
IFEO: brasil.exe - svchost.exe
IFEO: brastk.exe - svchost.exe
IFEO: brw.exe - svchost.exe
IFEO: bs120.exe - svchost.exe
IFEO: bspatch.exe - svchost.exe
IFEO: bundle.exe - svchost.exe
IFEO: bvt.exe - svchost.exe
IFEO: c.exe - svchost.exe
IFEO: cavscan.exe - svchost.exe
IFEO: ccapp.exe - svchost.exe
IFEO: ccevtmgr.exe - svchost.exe
IFEO: ccpxysvc.exe - svchost.exe
IFEO: ccSvcHst.exe - svchost.exe
IFEO: cdp.exe - svchost.exe
IFEO: cfd.exe - svchost.exe
IFEO: cfgwiz.exe - svchost.exe
IFEO: cfiadmin.exe - svchost.exe
IFEO: cfiaudit.exe - svchost.exe
IFEO: cfinet.exe - svchost.exe
IFEO: cfinet32.exe - svchost.exe
IFEO: cfp.exe - svchost.exe
IFEO: cfpconfg.exe - svchost.exe
IFEO: cfplogvw.exe - svchost.exe
IFEO: cfpupdat.exe - svchost.exe
IFEO: Cl.exe - svchost.exe
IFEO: claw95.exe - svchost.exe
IFEO: claw95cf.exe - svchost.exe
IFEO: clean.exe - svchost.exe
IFEO: cleaner.exe - svchost.exe
IFEO: cleaner3.exe - svchost.exe
IFEO: cleanIELow.exe - svchost.exe
IFEO: cleanpc.exe - svchost.exe
IFEO: click.exe - svchost.exe
IFEO: cmd32.exe - svchost.exe
IFEO: cmdagent.exe - svchost.exe
IFEO: cmesys.exe - svchost.exe
IFEO: cmgrdian.exe - svchost.exe
IFEO: cmon016.exe - svchost.exe
IFEO: connectionmonitor.exe - svchost.exe
IFEO: control - svchost.exe
IFEO: cpd.exe - svchost.exe
IFEO: cpf9x206.exe - svchost.exe
IFEO: cpfnt206.exe - svchost.exe
IFEO: crashrep.exe - svchost.exe
IFEO: csc.exe - svchost.exe
IFEO: cssconfg.exe - svchost.exe
IFEO: cssupdat.exe - svchost.exe
IFEO: cssurf.exe - svchost.exe
IFEO: ctrl.exe - svchost.exe
IFEO: cv.exe - svchost.exe
IFEO: cwnb181.exe - svchost.exe
IFEO: cwntdwmo.exe - svchost.exe
IFEO: d.exe - svchost.exe
IFEO: datemanager.exe - svchost.exe
IFEO: dcomx.exe - svchost.exe
IFEO: defalert.exe - svchost.exe
IFEO: defscangui.exe - svchost.exe
IFEO: defwatch.exe - svchost.exe
IFEO: deloeminfs.exe - svchost.exe
IFEO: deputy.exe - svchost.exe
IFEO: divx.exe - svchost.exe
IFEO: dllcache.exe - svchost.exe
IFEO: dllreg.exe - svchost.exe
IFEO: doors.exe - svchost.exe
IFEO: dop.exe - svchost.exe
IFEO: dpf.exe - svchost.exe
IFEO: dpfsetup.exe - svchost.exe
IFEO: dpps2.exe - svchost.exe
IFEO: driverctrl.exe - svchost.exe
IFEO: drwatson.exe - svchost.exe
IFEO: drweb32.exe - svchost.exe
IFEO: drwebupw.exe - svchost.exe
IFEO: dssagent.exe - svchost.exe
IFEO: dvp95.exe - svchost.exe
IFEO: dvp95_0.exe - svchost.exe
IFEO: ecengine.exe - svchost.exe
IFEO: efpeadm.exe - svchost.exe
IFEO: egui.exe - svchost.exe
IFEO: ekrn.exe - svchost.exe
IFEO: emsw.exe - svchost.exe
IFEO: ent.exe - svchost.exe
IFEO: esafe.exe - svchost.exe
IFEO: escanhnt.exe - svchost.exe
IFEO: escanv95.exe - svchost.exe
IFEO: espwatch.exe - svchost.exe
IFEO: ethereal.exe - svchost.exe
IFEO: etrustcipe.exe - svchost.exe
IFEO: evpn.exe - svchost.exe
IFEO: exantivirus-cnet.exe - svchost.exe
IFEO: exe.avxw.exe - svchost.exe
IFEO: expert.exe - svchost.exe
IFEO: explore.exe - svchost.exe
IFEO: f-agnt95.exe - svchost.exe
IFEO: f-prot.exe - svchost.exe
IFEO: f-prot95.exe - svchost.exe
IFEO: f-stopw.exe - svchost.exe
IFEO: fact.exe - svchost.exe
IFEO: fameh32.exe - svchost.exe
IFEO: fast.exe - svchost.exe
IFEO: fch32.exe - svchost.exe
IFEO: fih32.exe - svchost.exe
IFEO: findviru.exe - svchost.exe
IFEO: firewall.exe - svchost.exe
IFEO: fixcfg.exe - svchost.exe
IFEO: fixfp.exe - svchost.exe
IFEO: fnrb32.exe - svchost.exe
IFEO: fp-win.exe - svchost.exe
IFEO: fp-win_trial.exe - svchost.exe
IFEO: fprot.exe - svchost.exe
IFEO: frmwrk32.exe - svchost.exe
IFEO: frw.exe - svchost.exe
IFEO: fsaa.exe - svchost.exe
IFEO: fsav.exe - svchost.exe
IFEO: fsav32.exe - svchost.exe
IFEO: fsav530stbyb.exe - svchost.exe
IFEO: fsav530wtbyb.exe - svchost.exe
IFEO: fsav95.exe - svchost.exe
IFEO: fsgk32.exe - svchost.exe
IFEO: fsm32.exe - svchost.exe
IFEO: fsma32.exe - svchost.exe
IFEO: fsmb32.exe - svchost.exe
IFEO: gator.exe - svchost.exe
IFEO: gav.exe - svchost.exe
IFEO: gbmenu.exe - svchost.exe
IFEO: gbn976rl.exe - svchost.exe
IFEO: gbpoll.exe - svchost.exe
IFEO: generics.exe - svchost.exe
IFEO: gmt.exe - svchost.exe
IFEO: guard.exe - svchost.exe
IFEO: guarddog.exe - svchost.exe
IFEO: guardgui.exe - svchost.exe
IFEO: hacktracersetup.exe - svchost.exe
IFEO: hbinst.exe - svchost.exe
IFEO: hbsrv.exe - svchost.exe
IFEO: History.exe - svchost.exe
IFEO: homeav2010.exe - svchost.exe
IFEO: hotactio.exe - svchost.exe
IFEO: hotpatch.exe - svchost.exe
IFEO: htlog.exe - svchost.exe
IFEO: htpatch.exe - svchost.exe
IFEO: hwpe.exe - svchost.exe
IFEO: hxdl.exe - svchost.exe
IFEO: hxiul.exe - svchost.exe
IFEO: iamapp.exe - svchost.exe
IFEO: iamserv.exe - svchost.exe
IFEO: iamstats.exe - svchost.exe
IFEO: ibmasn.exe - svchost.exe
IFEO: ibmavsp.exe - svchost.exe
IFEO: icload95.exe - svchost.exe
IFEO: icloadnt.exe - svchost.exe
IFEO: icmon.exe - svchost.exe
IFEO: icsupp95.exe - svchost.exe
IFEO: icsuppnt.exe - svchost.exe
IFEO: Identity.exe - svchost.exe
IFEO: idle.exe - svchost.exe
IFEO: iedll.exe - svchost.exe
IFEO: iedriver.exe - svchost.exe
IFEO: IEShow.exe - svchost.exe
IFEO: iface.exe - svchost.exe
IFEO: ifw2000.exe - svchost.exe
IFEO: inetlnfo.exe - svchost.exe
IFEO: infus.exe - svchost.exe
IFEO: infwin.exe - svchost.exe
IFEO: init.exe - svchost.exe
IFEO: init32.exe - svchost.exe
IFEO: install.exe - svchost.exe
IFEO: install[1].exe - svchost.exe
IFEO: install[2].exe - svchost.exe
IFEO: install[3].exe - svchost.exe
IFEO: install[4].exe - svchost.exe
IFEO: install[5].exe - svchost.exe
IFEO: intdel.exe - svchost.exe
IFEO: intren.exe - svchost.exe
IFEO: iomon98.exe - svchost.exe
IFEO: istsvc.exe - svchost.exe
IFEO: jammer.exe - svchost.exe
IFEO: jdbgmrg.exe - svchost.exe
IFEO: jedi.exe - svchost.exe
IFEO: JsRcGen.exe - svchost.exe
IFEO: kavlite40eng.exe - svchost.exe
IFEO: kavpers40eng.exe - svchost.exe
IFEO: kavpf.exe - svchost.exe
IFEO: kazza.exe - svchost.exe
IFEO: keenvalue.exe - svchost.exe
IFEO: kerio-pf-213-en-win.exe - svchost.exe
IFEO: kerio-wrl-421-en-win.exe - svchost.exe
IFEO: kerio-wrp-421-en-win.exe - svchost.exe
IFEO: killprocesssetup161.exe - svchost.exe
IFEO: ldnetmon.exe - svchost.exe
IFEO: ldpro.exe - svchost.exe
IFEO: ldpromenu.exe - svchost.exe
IFEO: ldscan.exe - svchost.exe
IFEO: licmgr.exe - svchost.exe
IFEO: livesrv.exe - svchost.exe
IFEO: lnetinfo.exe - svchost.exe
IFEO: loader.exe - svchost.exe
IFEO: localnet.exe - svchost.exe
IFEO: lockdown.exe - svchost.exe
IFEO: lockdown2000.exe - svchost.exe
IFEO: lookout.exe - svchost.exe
IFEO: lordpe.exe - svchost.exe
IFEO: lsetup.exe - svchost.exe
IFEO: luall.exe - svchost.exe
IFEO: luau.exe - svchost.exe
IFEO: lucomserver.exe - svchost.exe
IFEO: luinit.exe - svchost.exe
IFEO: luspt.exe - svchost.exe
IFEO: MalwareRemoval.exe - svchost.exe
IFEO: mapisvc32.exe - svchost.exe
IFEO: mcagent.exe - svchost.exe
IFEO: mcmnhdlr.exe - svchost.exe
IFEO: mcmscsvc.exe - svchost.exe
IFEO: mcnasvc.exe - svchost.exe
IFEO: mcproxy.exe - svchost.exe
IFEO: McSACore.exe - svchost.exe
IFEO: mcshell.exe - svchost.exe
IFEO: mcshield.exe - svchost.exe
IFEO: mcsysmon.exe - svchost.exe
IFEO: mctool.exe - svchost.exe
IFEO: mcupdate.exe - svchost.exe
IFEO: mcvsrte.exe - svchost.exe
IFEO: mcvsshld.exe - svchost.exe
IFEO: md.exe - svchost.exe
IFEO: mfin32.exe - svchost.exe
IFEO: mfw2en.exe - svchost.exe
IFEO: mfweng3.02d30.exe - svchost.exe
IFEO: mgavrtcl.exe - svchost.exe
IFEO: mgavrte.exe - svchost.exe
IFEO: mghtml.exe - svchost.exe
IFEO: mgui.exe - svchost.exe
IFEO: minilog.exe - svchost.exe
IFEO: mmod.exe - svchost.exe
IFEO: monitor.exe - svchost.exe
IFEO: moolive.exe - svchost.exe
IFEO: mostat.exe - svchost.exe
IFEO: mpfagent.exe - svchost.exe
IFEO: mpfservice.exe - svchost.exe
IFEO: MPFSrv.exe - svchost.exe
IFEO: mpftray.exe - svchost.exe
IFEO: mrflux.exe - svchost.exe
IFEO: mrt.exe - svchost.exe
IFEO: msa.exe - svchost.exe
IFEO: msapp.exe - svchost.exe
IFEO: MSASCui.exe - svchost.exe
IFEO: msbb.exe - svchost.exe
IFEO: msblast.exe - svchost.exe
IFEO: mscache.exe - svchost.exe
IFEO: msccn32.exe - svchost.exe
IFEO: mscman.exe - svchost.exe
IFEO: msconfig - svchost.exe
IFEO: msdm.exe - svchost.exe
IFEO: msdos.exe - svchost.exe
IFEO: msfwsvc.exe - svchost.exe
IFEO: msiexec16.exe - svchost.exe
IFEO: mslaugh.exe - svchost.exe
IFEO: msmgt.exe - svchost.exe
IFEO: MsMpEng.exe - svchost.exe
IFEO: msmsgri32.exe - svchost.exe
IFEO: msseces.exe - svchost.exe
IFEO: mssmmc32.exe - svchost.exe
IFEO: mssys.exe - svchost.exe
IFEO: msvxd.exe - svchost.exe
IFEO: mu0311ad.exe - svchost.exe
IFEO: mwatch.exe - svchost.exe
IFEO: n32scanw.exe - svchost.exe
IFEO: nav.exe - svchost.exe
IFEO: navap.navapsvc.exe - svchost.exe
IFEO: navapsvc.exe - svchost.exe
IFEO: navapw32.exe - svchost.exe
IFEO: navdx.exe - svchost.exe
IFEO: navlu32.exe - svchost.exe
IFEO: navnt.exe - svchost.exe
IFEO: navstub.exe - svchost.exe
IFEO: navw32.exe - svchost.exe
IFEO: navwnt.exe - svchost.exe
IFEO: nc2000.exe - svchost.exe
IFEO: ncinst4.exe - svchost.exe
IFEO: ndd32.exe - svchost.exe
IFEO: neomonitor.exe - svchost.exe
IFEO: neowatchlog.exe - svchost.exe
IFEO: netarmor.exe - svchost.exe
IFEO: netd32.exe - svchost.exe
IFEO: netinfo.exe - svchost.exe
IFEO: netmon.exe - svchost.exe
IFEO: netscanpro.exe - svchost.exe
IFEO: netspyhunter-1.2.exe - svchost.exe
IFEO: netutils.exe - svchost.exe
IFEO: nisserv.exe - svchost.exe
IFEO: nisum.exe - svchost.exe
IFEO: nmain.exe - svchost.exe
IFEO: nod32.exe - svchost.exe
IFEO: normist.exe - svchost.exe
IFEO: norton_internet_secu_3.0_407.exe - svchost.exe
IFEO: notstart.exe - svchost.exe
IFEO: npf40_tw_98_nt_me_2k.exe - svchost.exe
IFEO: npfmessenger.exe - svchost.exe
IFEO: nprotect.exe - svchost.exe
IFEO: npscheck.exe - svchost.exe
IFEO: npssvc.exe - svchost.exe
IFEO: nsched32.exe - svchost.exe
IFEO: nssys32.exe - svchost.exe
IFEO: nstask32.exe - svchost.exe
IFEO: nsupdate.exe - svchost.exe
IFEO: nt.exe - svchost.exe
IFEO: ntrtscan.exe - svchost.exe
IFEO: ntvdm.exe - svchost.exe
IFEO: ntxconfig.exe - svchost.exe
IFEO: nui.exe - svchost.exe
IFEO: nupgrade.exe - svchost.exe
IFEO: nvarch16.exe - svchost.exe
IFEO: nvc95.exe - svchost.exe
IFEO: nvsvc32.exe - svchost.exe
IFEO: nwinst4.exe - svchost.exe
IFEO: nwservice.exe - svchost.exe
IFEO: nwtool16.exe - svchost.exe
IFEO: OAcat.exe - svchost.exe
IFEO: OAhlp.exe - svchost.exe
IFEO: OAReg.exe - svchost.exe
IFEO: oasrv.exe - svchost.exe
IFEO: oaui.exe - svchost.exe
IFEO: oaview.exe - svchost.exe
IFEO: OcHealthMon.exe - svchost.exe
IFEO: ODSW.exe - svchost.exe
IFEO: ollydbg.exe - svchost.exe
IFEO: OLT.exe - svchost.exe
IFEO: onsrvr.exe - svchost.exe
IFEO: optimize.exe - svchost.exe
IFEO: ostronet.exe - svchost.exe
IFEO: otfix.exe - svchost.exe
IFEO: outpost.exe - svchost.exe
IFEO: outpostinstall.exe - svchost.exe
IFEO: outpostproinstall.exe - svchost.exe
IFEO: ozn695m5.exe - svchost.exe
IFEO: padmin.exe - svchost.exe
IFEO: panixk.exe - svchost.exe
IFEO: patch.exe - svchost.exe
IFEO: pav.exe - svchost.exe
IFEO: pavcl.exe - svchost.exe
IFEO: PavFnSvr.exe - svchost.exe
IFEO: pavproxy.exe - svchost.exe
IFEO: pavprsrv.exe - svchost.exe
IFEO: pavsched.exe - svchost.exe
IFEO: pavsrv51.exe - svchost.exe
IFEO: pavw.exe - svchost.exe
IFEO: pc.exe - svchost.exe
IFEO: pccwin98.exe - svchost.exe
IFEO: pcfwallicon.exe - svchost.exe
IFEO: pcip10117_0.exe - svchost.exe
IFEO: pcscan.exe - svchost.exe
IFEO: pctsAuxs.exe - svchost.exe
IFEO: pctsGui.exe - svchost.exe
IFEO: pctsSvc.exe - svchost.exe
IFEO: pctsTray.exe - svchost.exe
IFEO: PC_Antispyware2010.exe - svchost.exe
IFEO: pdfndr.exe - svchost.exe
IFEO: pdsetup.exe - svchost.exe
IFEO: PerAvir.exe - svchost.exe
IFEO: periscope.exe - svchost.exe
IFEO: persfw.exe - svchost.exe
IFEO: personalguard - svchost.exe
IFEO: personalguard.exe - svchost.exe
IFEO: perswf.exe - svchost.exe
IFEO: pf2.exe - svchost.exe
IFEO: pfwadmin.exe - svchost.exe
IFEO: pgmonitr.exe - svchost.exe
IFEO: pingscan.exe - svchost.exe
IFEO: platin.exe - svchost.exe
IFEO: pop3trap.exe - svchost.exe
IFEO: poproxy.exe - svchost.exe
IFEO: popscan.exe - svchost.exe
IFEO: portdetective.exe - svchost.exe
IFEO: portmonitor.exe - svchost.exe
IFEO: powerscan.exe - svchost.exe
IFEO: ppinupdt.exe - svchost.exe
IFEO: pptbc.exe - svchost.exe
IFEO: ppvstop.exe - svchost.exe
IFEO: prizesurfer.exe - svchost.exe
IFEO: prmt.exe - svchost.exe
IFEO: prmvr.exe - svchost.exe
IFEO: procdump.exe - svchost.exe
IFEO: processmonitor.exe - svchost.exe
IFEO: procexplorerv1.0.exe - svchost.exe
IFEO: programauditor.exe - svchost.exe
IFEO: proport.exe - svchost.exe
IFEO: protector.exe - svchost.exe
IFEO: protectx.exe - svchost.exe
IFEO: PSANCU.exe - svchost.exe
IFEO: PSANHost.exe - svchost.exe
IFEO: PSANToManager.exe - svchost.exe
IFEO: PsCtrls.exe - svchost.exe
IFEO: PsImSvc.exe - svchost.exe
IFEO: PskSvc.exe - svchost.exe
IFEO: pspf.exe - svchost.exe
IFEO: PSUNMain.exe - svchost.exe
IFEO: purge.exe - svchost.exe
IFEO: qconsole.exe - svchost.exe
IFEO: qh.exe - svchost.exe
IFEO: qserver.exe - svchost.exe
IFEO: Quick Heal.exe - svchost.exe
IFEO: QuickHealCleaner.exe - svchost.exe
IFEO: rapapp.exe - svchost.exe
IFEO: rav7.exe - svchost.exe
IFEO: rav7win.exe - svchost.exe
IFEO: rav8win32eng.exe - svchost.exe
IFEO: ray.exe - svchost.exe
IFEO: rb32.exe - svchost.exe
IFEO: rcsync.exe - svchost.exe
IFEO: realmon.exe - svchost.exe
IFEO: reged.exe - svchost.exe
IFEO: regedt32.exe - svchost.exe
IFEO: rescue.exe - svchost.exe
IFEO: rescue32.exe - svchost.exe
IFEO: rrguard.exe - svchost.exe
IFEO: rscdwld.exe - svchost.exe
IFEO: rshell.exe - svchost.exe
IFEO: rtvscan.exe - svchost.exe
IFEO: rtvscn95.exe - svchost.exe
IFEO: rulaunch.exe - svchost.exe
IFEO: rwg - svchost.exe
IFEO: rwg.exe - svchost.exe
IFEO: SafetyKeeper.exe - svchost.exe
IFEO: safeweb.exe - svchost.exe
IFEO: sahagent.exe - svchost.exe
IFEO: Save.exe - svchost.exe
IFEO: SaveArmor.exe - svchost.exe
IFEO: SaveDefense.exe - svchost.exe
IFEO: SaveKeep.exe - svchost.exe
IFEO: savenow.exe - svchost.exe
IFEO: sbserv.exe - svchost.exe
IFEO: sc.exe - svchost.exe
IFEO: scam32.exe - svchost.exe
IFEO: scan32.exe - svchost.exe
IFEO: scan95.exe - svchost.exe
IFEO: scanpm.exe - svchost.exe
IFEO: scrscan.exe - svchost.exe
IFEO: seccenter.exe - svchost.exe
IFEO: Secure Veteran.exe - svchost.exe
IFEO: secureveteran.exe - svchost.exe
IFEO: Security Center.exe - svchost.exe
IFEO: SecurityFighter.exe - svchost.exe
IFEO: securitysoldier.exe - svchost.exe
IFEO: serv95.exe - svchost.exe
IFEO: setloadorder.exe - svchost.exe
IFEO: setupvameeval.exe - svchost.exe
IFEO: setup_flowprotector_us.exe - svchost.exe
IFEO: sgssfw32.exe - svchost.exe
IFEO: sh.exe - svchost.exe
IFEO: shellspyinstall.exe - svchost.exe
IFEO: shield.exe - svchost.exe
IFEO: shn.exe - svchost.exe
IFEO: showbehind.exe - svchost.exe
IFEO: signcheck.exe - svchost.exe
IFEO: smart.exe - svchost.exe
IFEO: smartprotector.exe - svchost.exe
IFEO: smc.exe - svchost.exe
IFEO: smrtdefp.exe - svchost.exe
IFEO: sms.exe - svchost.exe
IFEO: smss32.exe - svchost.exe
IFEO: snetcfg.exe - svchost.exe
IFEO: soap.exe - svchost.exe
IFEO: sofi.exe - svchost.exe
IFEO: SoftSafeness.exe - svchost.exe
IFEO: sperm.exe - svchost.exe
IFEO: spf.exe - svchost.exe
IFEO: sphinx.exe - svchost.exe
IFEO: spoler.exe - svchost.exe
IFEO: spoolcv.exe - svchost.exe
IFEO: spoolsv32.exe - svchost.exe
IFEO: spywarexpguard.exe - svchost.exe
IFEO: spyxx.exe - svchost.exe
IFEO: srexe.exe - svchost.exe
IFEO: srng.exe - svchost.exe
IFEO: ss3edit.exe - svchost.exe
IFEO: ssgrate.exe - svchost.exe
IFEO: ssg_4104.exe - svchost.exe
IFEO: st2.exe - svchost.exe
IFEO: start.exe - svchost.exe
IFEO: stcloader.exe - svchost.exe
IFEO: supftrl.exe - svchost.exe
IFEO: support.exe - svchost.exe
IFEO: supporter5.exe - svchost.exe
IFEO: svc.exe - svchost.exe
IFEO: svchostc.exe - svchost.exe
IFEO: svchosts.exe - svchost.exe
IFEO: svshost.exe - svchost.exe
IFEO: sweep95.exe - svchost.exe
IFEO: sweepnet.sweepsrv.sys.swnetsup.exe - svchost.exe
IFEO: symlcsvc.exe - svchost.exe
IFEO: symproxysvc.exe - svchost.exe
IFEO: symtray.exe - svchost.exe
IFEO: system.exe - svchost.exe
IFEO: system32.exe - svchost.exe
IFEO: sysupd.exe - svchost.exe
IFEO: tapinstall.exe - svchost.exe
IFEO: taskmgr.exe - svchost.exe
IFEO: taumon.exe - svchost.exe
IFEO: tbscan.exe - svchost.exe
IFEO: tc.exe - svchost.exe
IFEO: tca.exe - svchost.exe
IFEO: tcm.exe - svchost.exe
IFEO: tds-3.exe - svchost.exe
IFEO: tds2-98.exe - svchost.exe
IFEO: tds2-nt.exe - svchost.exe
IFEO: teekids.exe - svchost.exe
IFEO: tfak.exe - svchost.exe
IFEO: tfak5.exe - svchost.exe
IFEO: tgbob.exe - svchost.exe
IFEO: titanin.exe - svchost.exe
IFEO: titaninxp.exe - svchost.exe
IFEO: TPSrv.exe - svchost.exe
IFEO: trickler.exe - svchost.exe
IFEO: trjscan.exe - svchost.exe
IFEO: trjsetup.exe - svchost.exe
IFEO: trojantrap3.exe - svchost.exe
IFEO: TrustWarrior.exe - svchost.exe
IFEO: tsadbot.exe - svchost.exe
IFEO: tsc.exe - svchost.exe
IFEO: tvmd.exe - svchost.exe
IFEO: tvtmd.exe - svchost.exe
IFEO: uiscan.exe - svchost.exe
IFEO: undoboot.exe - svchost.exe
IFEO: updat.exe - svchost.exe
IFEO: upgrad.exe - svchost.exe
IFEO: upgrepl.exe - svchost.exe
IFEO: utpost.exe - svchost.exe
IFEO: vbcmserv.exe - svchost.exe
IFEO: vbcons.exe - svchost.exe
IFEO: vbust.exe - svchost.exe
IFEO: vbwin9x.exe - svchost.exe
IFEO: vbwinntw.exe - svchost.exe
IFEO: vcsetup.exe - svchost.exe
IFEO: vet32.exe - svchost.exe
IFEO: vet95.exe - svchost.exe
IFEO: vettray.exe - svchost.exe
IFEO: vfsetup.exe - svchost.exe
IFEO: vir-help.exe - svchost.exe
IFEO: virusmdpersonalfirewall.exe - svchost.exe
IFEO: VisthAux.exe - svchost.exe
IFEO: VisthLic.exe - svchost.exe
IFEO: VisthUpd.exe - svchost.exe
IFEO: vnlan300.exe - svchost.exe
IFEO: vnpc3000.exe - svchost.exe
IFEO: vpc32.exe - svchost.exe
IFEO: vpc42.exe - svchost.exe
IFEO: vpfw30s.exe - svchost.exe
IFEO: vptray.exe - svchost.exe
IFEO: vscan40.exe - svchost.exe
IFEO: vscenu6.02d30.exe - svchost.exe
IFEO: vsched.exe - svchost.exe
IFEO: vsecomr.exe - svchost.exe
IFEO: vshwin32.exe - svchost.exe
IFEO: vsisetup.exe - svchost.exe
IFEO: vsmain.exe - svchost.exe
IFEO: vsmon.exe - svchost.exe
IFEO: vsserv.exe - svchost.exe
IFEO: vsstat.exe - svchost.exe
IFEO: vswin9xe.exe - svchost.exe
IFEO: vswinntse.exe - svchost.exe
IFEO: vswinperse.exe - svchost.exe
IFEO: w32dsm89.exe - svchost.exe
IFEO: W3asbas.exe - svchost.exe
IFEO: w9x.exe - svchost.exe
IFEO: watchdog.exe - svchost.exe
IFEO: webdav.exe - svchost.exe
IFEO: WebProxy.exe - svchost.exe
IFEO: webscanx.exe - svchost.exe
IFEO: webtrap.exe - svchost.exe
IFEO: wfindv32.exe - svchost.exe
IFEO: whoswatchingme.exe - svchost.exe
IFEO: wimmun32.exe - svchost.exe
IFEO: win-bugsfix.exe - svchost.exe
IFEO: win32.exe - svchost.exe
IFEO: win32us.exe - svchost.exe
IFEO: winactive.exe - svchost.exe
IFEO: winav.exe - svchost.exe
IFEO: windll32.exe - svchost.exe
IFEO: window.exe - svchost.exe
IFEO: windows Police Pro.exe - svchost.exe
IFEO: windows.exe - svchost.exe
IFEO: wininetd.exe - svchost.exe
IFEO: wininitx.exe - svchost.exe
IFEO: winlogin.exe - svchost.exe
IFEO: winmain.exe - svchost.exe
IFEO: winppr32.exe - svchost.exe
IFEO: winrecon.exe - svchost.exe
IFEO: winservn.exe - svchost.exe
IFEO: winss.exe - svchost.exe
IFEO: winssk32.exe - svchost.exe
IFEO: winssnotify.exe - svchost.exe
IFEO: WinSSUI.exe - svchost.exe
IFEO: winstart.exe - svchost.exe
IFEO: winstart001.exe - svchost.exe
IFEO: wintsk32.exe - svchost.exe
IFEO: winupdate.exe - svchost.exe
IFEO: wkufind.exe - svchost.exe
IFEO: wnad.exe - svchost.exe
IFEO: wnt.exe - svchost.exe
IFEO: wradmin.exe - svchost.exe
IFEO: wrctrl.exe - svchost.exe
IFEO: wsbgate.exe - svchost.exe
IFEO: wscfxas.exe - svchost.exe
IFEO: wscfxav.exe - svchost.exe
IFEO: wscfxfw.exe - svchost.exe
IFEO: wsctool.exe - svchost.exe
IFEO: wupdater.exe - svchost.exe
IFEO: wupdt.exe - svchost.exe
IFEO: wyvernworksfirewall.exe - svchost.exe
IFEO: xpdeluxe.exe - svchost.exe
IFEO: xpf202en.exe - svchost.exe
IFEO: xp_antispyware.exe - svchost.exe
IFEO: zapro.exe - svchost.exe
IFEO: zapsetup3001.exe - svchost.exe
IFEO: zatutor.exe - svchost.exe
IFEO: zonalm2601.exe - svchost.exe
IFEO: zonealarm.exe - svchost.exe
IFEO: _avp32.exe - svchost.exe
IFEO: _avpcc.exe - svchost.exe
IFEO: _avpm.exe - svchost.exe
IFEO: ~1.exe - svchost.exe
IFEO: ~2.exe - svchost.exe
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
aiofw
aioprnt
aioscnnr
Brother Bear
C4USelfUpdater
center
ClamWin Free Antivirus 0.97.3
Coupon Printer for Windows
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Itibiti RTC
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) 6 Update 5
KODAK AiO Home Center
KODAK Share Button App
ksDIP
LeapFrog Connect
LeapFrog MyOwnLeaptop Plugin
LeapFrog Tag Plugin
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Move Networks Media Player for Internet Explorer
Mozilla Firefox 4.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NetAssistant
NetAssistant for Firefox
PC Cleaner v3.0
PreReq
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Scribus 1.3.3.14
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Spyware Terminator
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB925720)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
YouTube Downloader 2.7.1
.
==== Event Viewer Messages From Past Week ========
.
1/22/2012 9:31:32 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Panda Process Protection Service service to connect.
1/22/2012 9:31:32 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Panda IManager Service service to connect.
1/22/2012 9:31:32 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Panda Function Service service to connect.
1/22/2012 9:31:32 AM, error: Service Control Manager [7000] - The Panda TPSrv service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/22/2012 9:31:32 AM, error: Service Control Manager [7000] - The Panda Process Protection Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/22/2012 9:31:32 AM, error: Service Control Manager [7000] - The Panda IManager Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/22/2012 9:31:32 AM, error: Service Control Manager [7000] - The Panda Function Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/22/2012 9:31:32 AM, error: Service Control Manager [7000] - The 8039 service failed to start due to the following error: The specified driver is invalid.
1/22/2012 9:31:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Panda TPSrv service to connect.
1/22/2012 9:31:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Panda anti-virus service service to connect.
1/22/2012 9:31:31 AM, error: Service Control Manager [7000] - The Panda anti-virus service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/22/2012 11:17:44 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/22/2012 1:23:18 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/21/2012 1:06:00 PM, error: Service Control Manager [7023] - The Task Universal service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
1/21/2012 1:06:00 PM, error: Service Control Manager [7003] - The Kodak AiO Network Discovery Service service depends on the following nonexistent service: Bonjour Service
1/18/2012 3:16:40 PM, error: Dhcp [1002] - The IP address lease 192.168.254.1 for the Network Card with network address 000F1F5E0969 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

AnnieJo 0 Newbie Poster · Answer 4 · 2012-01-23T20:29:33+00:00

tried running the second gmer scan and computer froze up.. had to restart it. same thing when i tried running the pc cleaner...

AnnieJo 0 Newbie Poster · Answer 5 · 2012-01-23T20:31:24+00:00

Hi AnnieJo,
Are you able to run the MBAM and the GMER scan as directed in the Read Me First post?
If so, please post the results.
Likewise, see if you are able to access, download and run http://public.avast.com/~gmerek/aswMBR.htm as directed by the linked page.
Let us know how you fare.
Cheers :)
PP

Will not let me go to the url above.

AnnieJo 0 Newbie Poster · Answer 6 · 2012-01-23T20:39:22+00:00

correction.. the pc cleaner did run the scan, but i could not delete anything without paying and I dont feel comfortable putting my credit card info online right now with all this stuff going on with my machine. I can copy and paste the results of that scan if you would like

AnnieJo 0 Newbie Poster · Answer 7 · 2012-01-23T20:43:09+00:00

will not allow me to go to the malwarebytes site either.

AnnieJo 0 Newbie Poster · Answer 8 · 2012-01-23T20:45:57+00:00

for the sites I am not able to go to I get redirected to a yahoo search page with title Yahoo! 404- page not found... this is the same thing that happened when i tried going to the microsoft sites. I am going to try running the second gmer scan again now.. took quite a while last night before it froze up. I will post the result later today if I can get it to complete.

AnnieJo 0 Newbie Poster · Answer 9 · 2012-01-23T20:56:28+00:00

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-22 17:46:09
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev.
Running: xke4b8sx.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awtdqpog.sys

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwEnumerateKey [0xF62743B2]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwEnumerateValueKey [0xF627458A]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs ShldDrv.SYS (PandaShield driver/Panda Software)

AttachedDevice \FileSystem\Ntfs \Ntfs pavdrv51.sys (AntiMalware Filter Driver for Windows XP/2003/Panda Software International)
AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Software)
AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Software)
AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Software)
AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Software)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] mnjevsvnk <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

AnnieJo 0 Newbie Poster · Answer 10 · 2012-01-23T23:12:29+00:00

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-23 12:10:12
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev.
Running: e1domhhz.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awtdqpog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwCreateKey [0xF509C1BA]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwDeleteKey [0xF509C2D6]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwDeleteValueKey [0xF509C42A]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwEnumerateKey [0xF509C3B2]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwEnumerateValueKey [0xF509C58A]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwOpenKey [0xF509C264]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwQueryKey [0xF509C33E]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwQueryValueKey [0xF509C512]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwSetValueKey [0xF509C498]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs ShldDrv.SYS (PandaShield driver/Panda Software)

AttachedDevice \FileSystem\Ntfs \Ntfs pavdrv51.sys (AntiMalware Filter Driver for Windows XP/2003/Panda Software International)
AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Software)
AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Software)
AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Software)
AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Software)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] mnjevsvnk <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\mnjevsvnk@DisplayName Task Universal
Reg HKLM\SYSTEM\CurrentControlSet\Services\mnjevsvnk@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\mnjevsvnk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\mnjevsvnk@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\mnjevsvnk@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\mnjevsvnk@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\mnjevsvnk@Description Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Reg HKLM\SYSTEM\CurrentControlSet\Services\mnjevsvnk\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\mnjevsvnk\Parameters@ServiceDll C:\WINDOWS\system32\mparpk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\mnjevsvnk@DisplayName Task Universal
Reg HKLM\SYSTEM\ControlSet003\Services\mnjevsvnk@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\mnjevsvnk@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\mnjevsvnk@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\mnjevsvnk@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\mnjevsvnk@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\mnjevsvnk@Description Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Reg HKLM\SYSTEM\ControlSet003\Services\mnjevsvnk\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\mnjevsvnk\Parameters@ServiceDll C:\WINDOWS\system32\mparpk.dll

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\spool\PRINTERS\FP00000.SHD 0 bytes
File C:\WINDOWS\system32\spool\PRINTERS\FP00000.SPL 0 bytes

---- EOF - GMER 1.0.15 ----

AnnieJo 0 Newbie Poster · Answer 11 · 2012-01-24T00:02:22+00:00

Update... I redownloaded the ATF- Cleaner directly from the attribune site, and it worked this time. I was able to delete everything from the main menu and from firefox this time.

AnnieJo 0 Newbie Poster · Answer 12 · 2012-01-24T00:25:54+00:00

Tried connecting to Malwarebytes and Microsoft windows malicious software removal tool again, and I am still getting the yahoo error message that the sites can not be found. If there is anything else I can do please let me know. I appreciate your willingness to help out!

AnnieJo 0 Newbie Poster · Answer 13 · 2012-01-24T03:58:30+00:00

thank you so much for trying to help me! I really appreciate it!! A friend told me to try accessing the mbam sites in safe mode with networking and it worked! I was able to download and do the scan. I am still trying to download the microsoft windows malicious software removal tool. I will post the mbam results below and if I can get the other tool to work, i will let you know. Thank you again for helping me! Also, if I do have to redo everything on here and update to sp3 is there step by step instructions I can print before hand? I have no idea how to do it, as you can probably tell, this computer stuff isnt really my thing :-)

AnnieJo 0 Newbie Poster · Answer 14 · 2012-01-24T04:01:01+00:00

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.23.06

Windows XP Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.5730.11
Owner :: BACONS [administrator]

1/23/2012 3:18:38 PM
mbam-log-2012-01-23 (15-18-38).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 811
HKCR\CLSID\{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000DA-0786-4633-87C6-1AA7A4429EF1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8C0220D-763D-49A4-95F4-61DFDEC66EE6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCR\sgoblxtm.bpsb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCR\sgoblxtm.ToolBar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCR\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\TYPELIB (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Performanceoptimizer (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Sellmosoft (Rogue.Multiple) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\Software\CouponAlert_2p (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\Software\epk_extr (Trojan.Skintrim) -> Quarantined and deleted successfully.
HKCU\Software\ErrorRepairPro (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MENUEXT\&SEARCH (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\System\CurrentControlSet\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKCU\System\CurrentControlSet\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\CouponAlert_2p (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Performanceoptimizer (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Sellmosoft (Rogue.Multiple) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw

AnnieJo 0 Newbie Poster · Answer 15 · 2012-01-24T06:06:20+00:00

I havent had a chance to back up any of my pictures yet. Hoping to have this done tomorrow. do you know if I send all the photo files in a zip folder to my e-mail will I be able to recover those pictures once my computer is running correctly again? I just dont want to run the combofix and risk losing all my documents.

PhilliePhan 171 Central Scrutinizer Team Colleague · Answer 16 · 2012-01-25T02:19:53+00:00

"Firefox can't establish a connection to the server at [insert antivirus site here]." IE won't connect to them.

Hi hodgeemory,

If you need assistance with this problem, please start a new thread and a volunteer should be able to help you.

Cheers :)
PP

AnnieJo 0 Newbie Poster · Answer 17 · 2012-01-25T04:26:33+00:00

i cant run combofix until i turn off "malware protection center" I cant find any way to do this. everything i found online about this program says it's actually a trojan so I dont know if I should just go ahead with combofix anyways.

PhilliePhan 171 Central Scrutinizer Team Colleague · Answer 18 · 2012-01-25T05:09:25+00:00

i cant run combofix until i turn off "malware protection center" I cant find any way to do this. everything i found online about this program says it's actually a trojan so I dont know if I should just go ahead with combofix anyways.

Go ahead with combofix if you are able. Download it and place it on the Desktop as the page says to do.

Then Click START > RUN > in the box type or copy and paste everything in red below and hit ENTER

"%userprofile%\desktop\combofix.exe" /killall

This should run combofix - allow it to finish. It may reboot your machine - let it do so.
Once combofix finishes, please post the log for me.

PP:)

AnnieJo 0 Newbie Poster · Answer 19 · 2012-01-25T05:57:18+00:00

ok... i downloaded combofix to desktop. when i clicked on it, it started automatically... i couldnt type anything in (what you posted in red) clicked ok when the warning box came up about malware protection center still running. Performed scan and it restarted my computer when done... another dialog box opened and said not to open any programs while combofix was doing the log... after about 5 minutes that box went away, but no log showed up... where do i find this log?

AnnieJo 0 Newbie Poster · Answer 20 · 2012-01-25T06:26:24+00:00

I spent the day backing up all my important documents, so I am willing to completely wipe out my hard drive and start fresh if you have the time to help me. I have no idea how to do it. Thank you for your help!

PhilliePhan 171 Central Scrutinizer Team Colleague · Answer 21 · 2012-01-25T07:22:30+00:00

where do i find this log?

You should find the log at C:\ComboFix.txt.
Just post that for me and we'll see where we stand.

-- Do you have a recovery partition on your machine? Or, did it come with a Windows CD?

-- Do you have a valid Windows product key? Usually it is a sticker attached to your computer - you'll know it when you see it.

-- What is the make and model of the ill computer?

Here's the argument:
1) I'd like to see how our cleaning efforts pan out before we reformat.
However:
2)If you don't have the time, reinstalling windows will be a lot quicker.
And:
3) You should be as certain as possible that the machine is clean before installing SP3 - and a reinstall will provide the most certainty.
And you gotta have SP3 or you leave the machine open to a lot of nasties...

If you have a valid recovery partition, then the fix will amount to the push of a button to revert your computer back to its "right out of the box" state.
You will lose any programs you have installed since and you'll need to do immediate updating of service packs and patches as well as Antivirus and firewall programs.

PP:)

AnnieJo 0 Newbie Poster · Answer 22 · 2012-01-25T18:39:31+00:00

My computer tells me there is no such file C:\ComboFix.txt. Should I run combofix again?

- I've had issues with this computer before and called Delll customer service when it was still under warranty. They walked me through everything to bring my computer back to factory settings. I have a cd that says "Reinstallation CD Microsoft Windows XP Home Including Service Pack 2-- this cd is not for reinstallation of programs or drivers"

I did not have a cd for the drivers, so the Dell tech support guy had me download 4 drivers from the dell site (which I have backed up onto CD now) the drivers are as follows: R47822, R79733, R64645, and R94481

- I do have the product key

- the computer is a Dell Dimension 2400

PhilliePhan 171 Central Scrutinizer Team Colleague · Answer 23 · 2012-01-26T02:47:20+00:00

My computer tells me there is no such file C:\ComboFix.txt. Should I run combofix again?

Yes - please do that if you have the time. This time, use the command I posted previously.

It sounds like you are good to go for a reinstall, but let's see what the combofix says.

PP:)

AnnieJo 0 Newbie Poster · Answer 24 · 2012-01-26T04:13:33+00:00

thank you for your help! My computer totally crashed today, and I had to have my brainiac brother come fix it for me. Ended up reinstalling everything. Sooo glad I backed up everything yesterday. Thanks for all your help. I really appreciate it!

Cant connect to any antivrus websites

Recommended Answers Collapse Answers

All 31 Replies

Recommended Answers