Internet Explorer opens without my permission?


  • This topic is locked
10 replies to this topic

#1 Phonat

Posted 26 January 2011 - 04:26 PM

As the title describes, I'm having trouble with what I have no idea how to define as other than an evil virus from the deep reaches of internet hell.

At the moment, my Firefox browser crashes upwards of 5 times in a day. My computer is slow, though not unbearably so. What ticks me off the most, though, is the fact that I have disabled access to Internet Explorer (to at least hinder what was going on until I could get someone to repair my computer), and I can hear clicking in the background of my computer's sound occasionally, as well as various advertisements being played (the last one I remember was Bing), and occasionally a box will pop up, prompting if I want to set Internet Explorer as my current browser. Seeing as how I disabled it, I'm really, really baffled. I can't see it in the task manager when I bring it up under the 'applications' tab.

At the moment, I own CCleaner, Spybot Search and Destroy, and Malwarebytes Anti-Malware. Using the latter two brings up multiple problems, which I have removed, and usually with Malwarebytes, the computer has to restart in order to finish up the process. However, once I restart, I find that I have the same problems with the computer. Scanning again with Malwarebytes returns just as many, if not more, problems than before. I've used TDSS to check for rootkits, but nothing is ever returned.

Can I get some help, please?

Logs, as requested:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 15:16:07.29 on Wed 01/26/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.162 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\wininst.exe
C:\WINDOWS\drweb.exe
C:\WINDOWS\install.exe
C:\WINDOWS\avp32.exe
C:\WINDOWS\user.exe
C:\WINDOWS\hexdump.exe
svchost.exe
C:\WINDOWS\taskmgr.exe
C:\WINDOWS\msmgm.exe
C:\WINDOWS\login.exe
C:\WINDOWS\win16.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\gdi32.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\spoolsv.exe
C:\WINDOWS\setup.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\debug.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\sysedit.exe
C:\WINDOWS\winamp.exe
C:\WINDOWS\iexplarer.exe
C:\WINDOWS\nvsvc32.exe
C:\WINDOWS\win.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\wininst.exe
C:\WINDOWS\drweb.exe
C:\WINDOWS\install.exe
C:\WINDOWS\mdm.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
C:\WINDOWS\avp32.exe
C:\WINDOWS\user.exe
C:\WINDOWS\hexdump.exe
C:\WINDOWS\taskmgr.exe
C:\WINDOWS\msmgm.exe
C:\WINDOWS\login.exe
C:\WINDOWS\win16.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\gdi32.exe
C:\WINDOWS\spoolsv.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\debug.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\sysedit.exe
C:\WINDOWS\winamp.exe
C:\WINDOWS\iexplarer.exe
C:\WINDOWS\nvsvc32.exe
C:\WINDOWS\win.exe
C:\WINDOWS\mdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\win32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\svchost.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\spoolsv.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\setup.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\iexplarer.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\debug.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\login.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\taskmgr.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\nvsvc32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\sysedit.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\3521232670.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\gdi32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\wininst.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\user.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\win32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\msmgm.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\183863508.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\1972166568.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\win.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.msn.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: c:\windows\system32\njx4y.dll: {d6ba40a1-a502-59bd-f413-04b03a2c8953} - c:\windows\system32\njx4y.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MKfre] c:\windows\wininst.exe
uRun: [MKasc] c:\windows\drweb.exe
uRun: [MKbta] c:\windows\install.exe
uRun: [HNUmaIXnte] c:\docume~1\owner\locals~1\temp\msmgm.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [HNUmaIXntpf] c:\docume~1\owner\locals~1\temp\iexplarer.exe
uRun: [MKZSc] c:\windows\avp32.exe
uRun: [HNUmaIXnb] c:\docume~1\owner\locals~1\temp\mdm.exe
uRun: [MKee] c:\windows\user.exe
uRun: [HNUmaIXnwpc] c:\docume~1\owner\locals~1\temp\services.exe
uRun: [MKbtc] c:\windows\hexdump.exe
uRun: [HNUmaIXnd] c:\docume~1\owner\locals~1\temp\avp.exe
uRun: [HNUmaIXneP] c:\docume~1\owner\locals~1\temp\avp32.exe
uRun: [MKerb] c:\windows\taskmgr.exe
uRun: [MKctc] c:\windows\msmgm.exe
uRun: [MKcrc] c:\windows\login.exe
uRun: [MKfPc] c:\windows\win32.exe
uRun: [MKayc] c:\windows\csrss.exe
uRun: [HNUmaIXnsd] c:\docume~1\owner\locals~1\temp\taskmgr.exe
uRun: [HNUmaIXnqe] c:\docume~1\owner\locals~1\temp\login.exe
uRun: [MKbMc] c:\windows\gdi32.exe
uRun: [HNUmaIXnzz/\Owner\LOCALS~1\Temp\1940034883.exe] c:\docume~1\owner\locals~1\temp\1940034883.exe
uRun: [HNUmaIXnZP] c:\docume~1\owner\locals~1\temp\gdi32.exe
uRun: [HNUmaIXntg] c:\docume~1\owner\locals~1\temp\wininst.exe
uRun: [HNUmaIXnxc] c:\docume~1\owner\locals~1\temp\smss.exe
uRun: [HNUmaIXnf] c:\docume~1\owner\locals~1\temp\win.exe
uRun: [MKeuf] c:\windows\spoolsv.exe
uRun: [HNUmaIXnoc] c:\docume~1\owner\locals~1\temp\debug.exe
uRun: [HNUmaIXngP] c:\docume~1\owner\locals~1\temp\win32.exe
uRun: [HNUmaIXnY] c:\docume~1\owner\locals~1\temp\cmd.exe
uRun: [HNUmaIXnuf] c:\docume~1\owner\locals~1\temp\csrss.exe
uRun: [MKevc] c:\windows\setup.exe
uRun: [HNUmaIXnwe] c:\docume~1\owner\locals~1\temp\setup.exe
uRun: [HNUmaIXnxb] c:\docume~1\owner\locals~1\temp\sysedit.exe
uRun: [HNUmaIXnz9] c:\docume~1\owner\locals~1\temp\nvsvc32.exe
uRun: [MKaoc] c:\windows\debug.exe
uRun: [HNUmaIXnusc] c:\docume~1\owner\locals~1\temp\winlogon.exe
uRun: [HNUmaIXn109\Owner\LOCALS~1\Temp\3749294140.exe] c:\docume~1\owner\locals~1\temp\3749294140.exe
uRun: [MKZe] c:\windows\avp.exe
uRun: [HNUmaIXnwg] c:\docume~1\owner\locals~1\temp\spoolsv.exe
uRun: [HNUmaIXnsf] c:\docume~1\owner\locals~1\temp\lsass.exe
uRun: [HNUmaIXnsb] c:\docume~1\owner\locals~1\temp\drweb.exe
uRun: [HNUmaIXnvc] c:\docume~1\owner\locals~1\temp\user.exe
uRun: [MKaZ] c:\windows\cmd.exe
uRun: [MKetc] c:\windows\sysedit.exe
uRun: [MKfpe] c:\windows\winamp.exe
uRun: [HNUmaIXnvZ] c:\docume~1\owner\locals~1\temp\install.exe
uRun: [HNUmaIXnrc] c:\docume~1\owner\locals~1\temp\winamp.exe
uRun: [HNUmaIXnth] c:\docume~1\owner\locals~1\temp\svchost.exe
uRun: [MKbuqc] c:\windows\iexplarer.exe
uRun: [HNUmaIXnqg] c:\docume~1\owner\locals~1\temp\hexdump.exe
uRun: [HNUmaIXn10B\Owner\LOCALS~1\Temp\3695036898.exe] c:\docume~1\owner\locals~1\temp\3695036898.exe
uRun: [MKdw+] c:\windows\nvsvc32.exe
uRun: [MKfa] c:\windows\win.exe
uRun: [HNUmaIXn0Z] c:\docume~1\owner\locals~1\temp\system.exe
uRun: [HNUmaIXnfQ] c:\docume~1\owner\locals~1\temp\win16.exe
uRun: [MKcZ] c:\windows\mdm.exe
uRun: [HNUmaIXnyz+\Owner\LOCALS~1\Temp\3521232670.exe] c:\docume~1\owner\locals~1\temp\3521232670.exe
uRun: [HNUmaIXn1zQ\Owner\LOCALS~1\Temp\183863508.exe] c:\docume~1\owner\locals~1\temp\183863508.exe
uRun: [HNUmaIXn00A\Owner\LOCALS~1\Temp\1972166568.exe] c:\docume~1\owner\locals~1\temp\1972166568.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [MKfre] c:\windows\wininst.exe
mRun: [MKasc] c:\windows\drweb.exe
mRun: [MKbta] c:\windows\install.exe
mRun: [HNUmaIXnte] c:\docume~1\owner\locals~1\temp\msmgm.exe
mRun: [HNUmaIXntpf] c:\docume~1\owner\locals~1\temp\iexplarer.exe
mRun: [MKZSc] c:\windows\avp32.exe
mRun: [HNUmaIXnb] c:\docume~1\owner\locals~1\temp\mdm.exe
mRun: [MKee] c:\windows\user.exe
mRun: [HNUmaIXnwpc] c:\docume~1\owner\locals~1\temp\services.exe
mRun: [MKbtc] c:\windows\hexdump.exe
mRun: [HNUmaIXnd] c:\docume~1\owner\locals~1\temp\avp.exe
mRun: [HNUmaIXneP] c:\docume~1\owner\locals~1\temp\avp32.exe
mRun: [MKerb] c:\windows\taskmgr.exe
mRun: [MKctc] c:\windows\msmgm.exe
mRun: [MKcrc] c:\windows\login.exe
mRun: [MKfPc] c:\windows\win32.exe
mRun: [MKayc] c:\windows\csrss.exe
mRun: [HNUmaIXnsd] c:\docume~1\owner\locals~1\temp\taskmgr.exe
mRun: [HNUmaIXnqe] c:\docume~1\owner\locals~1\temp\login.exe
mRun: [MKbMc] c:\windows\gdi32.exe
mRun: [HNUmaIXnzz/\Owner\LOCALS~1\Temp\1940034883.exe] c:\docume~1\owner\locals~1\temp\1940034883.exe
mRun: [HNUmaIXnZP] c:\docume~1\owner\locals~1\temp\gdi32.exe
mRun: [HNUmaIXntg] c:\docume~1\owner\locals~1\temp\wininst.exe
mRun: [HNUmaIXnxc] c:\docume~1\owner\locals~1\temp\smss.exe
mRun: [HNUmaIXnf] c:\docume~1\owner\locals~1\temp\win.exe
mRun: [MKeuf] c:\windows\spoolsv.exe
mRun: [HNUmaIXnoc] c:\docume~1\owner\locals~1\temp\debug.exe
mRun: [HNUmaIXngP] c:\docume~1\owner\locals~1\temp\win32.exe
mRun: [HNUmaIXnY] c:\docume~1\owner\locals~1\temp\cmd.exe
mRun: [HNUmaIXnuf] c:\docume~1\owner\locals~1\temp\csrss.exe
mRun: [MKevc] c:\windows\setup.exe
mRun: [HNUmaIXnwe] c:\docume~1\owner\locals~1\temp\setup.exe
mRun: [HNUmaIXnxb] c:\docume~1\owner\locals~1\temp\sysedit.exe
mRun: [HNUmaIXnz9] c:\docume~1\owner\locals~1\temp\nvsvc32.exe
mRun: [MKaoc] c:\windows\debug.exe
mRun: [HNUmaIXnusc] c:\docume~1\owner\locals~1\temp\winlogon.exe
mRun: [HNUmaIXn109\Owner\LOCALS~1\Temp\3749294140.exe] c:\docume~1\owner\locals~1\temp\3749294140.exe
mRun: [MKZe] c:\windows\avp.exe
mRun: [HNUmaIXnwg] c:\docume~1\owner\locals~1\temp\spoolsv.exe
mRun: [HNUmaIXnsf] c:\docume~1\owner\locals~1\temp\lsass.exe
mRun: [HNUmaIXnsb] c:\docume~1\owner\locals~1\temp\drweb.exe
mRun: [HNUmaIXnvc] c:\docume~1\owner\locals~1\temp\user.exe
mRun: [MKaZ] c:\windows\cmd.exe
mRun: [MKetc] c:\windows\sysedit.exe
mRun: [MKfpe] c:\windows\winamp.exe
mRun: [HNUmaIXnvZ] c:\docume~1\owner\locals~1\temp\install.exe
mRun: [HNUmaIXnrc] c:\docume~1\owner\locals~1\temp\winamp.exe
mRun: [HNUmaIXnth] c:\docume~1\owner\locals~1\temp\svchost.exe
mRun: [MKbuqc] c:\windows\iexplarer.exe
mRun: [HNUmaIXnqg] c:\docume~1\owner\locals~1\temp\hexdump.exe
mRun: [HNUmaIXn10B\Owner\LOCALS~1\Temp\3695036898.exe] c:\docume~1\owner\locals~1\temp\3695036898.exe
mRun: [MKdw+] c:\windows\nvsvc32.exe
mRun: [MKfa] c:\windows\win.exe
mRun: [HNUmaIXn0Z] c:\docume~1\owner\locals~1\temp\system.exe
mRun: [MKcuc] c:\windows\lsass.exe
mRun: [HNUmaIXnfQ] c:\docume~1\owner\locals~1\temp\win16.exe
mRun: [MKcZ] c:\windows\mdm.exe
mRun: [HNUmaIXnyz+\Owner\LOCALS~1\Temp\3521232670.exe] c:\docume~1\owner\locals~1\temp\3521232670.exe
mRun: [HNUmaIXn1zQ\Owner\LOCALS~1\Temp\183863508.exe] c:\docume~1\owner\locals~1\temp\183863508.exe
mRun: [HNUmaIXn00A\Owner\LOCALS~1\Temp\1972166568.exe] c:\docume~1\owner\locals~1\temp\1972166568.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\adobem~1.lnk - c:\program files\adobe media player\Adobe Media Player.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.17.cab
DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} - hxxp://zone.msn.com/bingame/wedd/default/WeddingDash.1.0.0.50.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://cdn.ll.neoedge.com/webgames/WeddingDash/WeddingDash.1.0.0.47.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\njx4y.dll: {d6ba40a1-a502-59bd-f413-04b03a2c8953} - c:\windows\system32\njx4y.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\xwn0wu18.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101066100&s=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\xwn0wu18.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: tektek.org GaiaOnline Toolbar 2.1: {0df7b3bb-9581-44bb-835f-061a29ec8a46} - %profile%\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101066100&s=
============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\SymcPCCULaunchSvc.exe [2009-12-9 103280]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-26 24652]
S2 gupdate1c9bdebbffb3aea;Google Update Service (gupdate1c9bdebbffb3aea);c:\program files\google\update\GoogleUpdate.exe [2009-4-15 133104]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-9 126392]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-19 38224]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-1-2 30560]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]

=============== Created Last 30 ================

2011-01-23 17:34:51 21108 ---h--w- c:\windows\iexplarer.exe
2011-01-23 01:22:29 21108 ---h--w- c:\windows\system.exe
2011-01-22 20:04:52 21108 ---h--w- c:\windows\winamp.exe
2011-01-22 16:30:31 21108 ---h--w- c:\windows\sysedit.exe
2011-01-22 16:30:29 21108 ---h--w- c:\windows\cmd.exe
2011-01-22 11:05:45 21108 ---h--w- c:\windows\avp.exe
2011-01-22 05:40:59 21108 ---h--w- c:\windows\debug.exe
2011-01-22 00:24:17 21108 ---h--w- c:\windows\setup.exe
2011-01-22 00:24:16 21108 ---h--w- c:\windows\services.exe
2011-01-21 20:53:28 21108 ---h--w- c:\windows\spoolsv.exe
2011-01-21 20:53:27 21108 ---h--w- c:\windows\svchost.exe
2011-01-21 19:10:58 21108 ---h--w- c:\windows\win16.exe
2011-01-21 09:31:49 21108 ---h--w- c:\windows\smss.exe
2011-01-21 09:31:48 21108 ---h--w- c:\windows\gdi32.exe
2011-01-21 07:41:17 21108 ---h--w- c:\windows\csrss.exe
2011-01-21 05:50:45 21108 ---h--w- c:\windows\nvsvc32.exe
2011-01-21 05:50:43 21108 ---h--w- c:\windows\winlogon.exe
2011-01-21 05:50:43 21108 ---h--w- c:\windows\win32.exe
2011-01-21 04:00:30 21108 ---h--w- c:\windows\login.exe
2011-01-21 04:00:29 21108 ---h--w- c:\windows\msmgm.exe
2011-01-21 04:00:29 21108 ---h--w- c:\windows\mdm.exe
2011-01-21 02:10:19 21108 ---h--w- c:\windows\taskmgr.exe
2011-01-21 00:20:25 21108 ---h--w- c:\windows\lsass.exe
2011-01-21 00:20:24 21108 ---h--w- c:\windows\hexdump.exe
2011-01-21 00:20:23 21108 ---h--w- c:\windows\win.exe
2011-01-20 22:36:09 21108 ---h--w- c:\windows\user.exe
2011-01-20 22:36:09 21108 ---h--w- c:\windows\avp32.exe
2011-01-19 03:37:10 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-01-19 03:36:21 -------- d-----w- c:\program files\common files\Motorola Shared
2011-01-19 03:36:07 -------- d-----w- c:\program files\Motorola
2011-01-11 00:56:03 -------- d-----w- c:\program files\Yahoo! Games
2011-01-09 04:33:51 -------- d-----w- c:\program files\Games
2011-01-09 04:19:31 -------- d-----w- c:\program files\uTorrent
2011-01-09 04:18:42 -------- d-----w- c:\docume~1\owner\applic~1\uTorrent
2011-01-09 03:45:50 44181 ---h--w- c:\windows\install.exe

==================== Find3M ====================

2011-01-13 06:28:41 44181 ---h--w- c:\windows\drweb.exe
2010-12-23 07:43:58 53252 ---h--w- c:\windows\wininst.exe
2010-11-08 02:21:26 4724 ----a-w- c:\windows\system32\PerfStringBackup.TMP

============= FINISH: 15:17:07.78 ===============


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-26 15:07:23
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 ST3160812AS rev.3.AAE
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwkdrpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF651F000, 0x17C940, 0xE8000020]
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

C:\WINDOWS\csrss.exe[528] C:\WINDOWS\csrss.exe entry point in "" section [0x00431F76]
C:\WINDOWS\csrss.exe[528] C:\WINDOWS\csrss.exe unknown last code section [0x0042D000, 0x6000, 0xC00000E0]
C:\WINDOWS\svchost.exe[908] C:\WINDOWS\svchost.exe entry point in "" section [0x00431F76]
C:\WINDOWS\svchost.exe[908] C:\WINDOWS\svchost.exe unknown last code section [0x0042D000, 0x6000, 0xC00000E0]
C:\WINDOWS\csrss.exe[2852] C:\WINDOWS\csrss.exe entry point in "" section [0x00431F76]
C:\WINDOWS\csrss.exe[2852] C:\WINDOWS\csrss.exe unknown last code section [0x0042D000, 0x6000, 0xC00000E0]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogon.exe[4756] C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogon.exe entry point in "" section [0x00431F76]
C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogon.exe[4756] C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogon.exe unknown last code section [0x0042D000, 0x6000, 0xC00000E0]
C:\WINDOWS\services.exe[5880] C:\WINDOWS\services.exe entry point in "" section [0x00431F76]
C:\WINDOWS\services.exe[5880] C:\WINDOWS\services.exe unknown last code section [0x0042D000, 0x6000, 0xC00000E0]

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\HPZipm12.exe (*** hidden *** ) 3920

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@MKfPc C:\WINDOWS\win16.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@MKeta C:\WINDOWS\services.exe

---- EOF - GMER 1.0.15 ----



Thank you in advance for any help. :3


#2 miekiemoes

Posted 27 January 2011 - 02:49 AM

Hi,


First of all, I see you are running TeaTimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.





I don't believe your Malwarebytes is up to date though, so first of all, please update Malwarebytes, because the database version may be outdated.

  • Start Malwarebytes and click the Update tab. There click "Check for updates".
  • Once the updates are downloaded, perform a quick scan again.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log, then we'll proceed from there with new steps.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Phonat

Posted 27 January 2011 - 11:05 PM

Hi miekiemoes, thank you for your help! :3

Here's the MBAM log, as requested:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5625

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/27/2011 9:57:08 PM
mbam-log-2011-01-27 (21-57-08).txt

Scan type: Quick scan
Objects scanned: 161871
Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Infected: 48
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 140
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 171

Memory Processes Infected:
c:\WINDOWS\wininst.exe (Trojan.Downloader) -> 1952 -> Unloaded process successfully.
c:\WINDOWS\wininst.exe (Trojan.Downloader) -> 2060 -> Unloaded process successfully.
c:\WINDOWS\drweb.exe (Trojan.Dropper) -> 1964 -> Unloaded process successfully.
c:\WINDOWS\drweb.exe (Trojan.Dropper) -> 2076 -> Unloaded process successfully.
c:\WINDOWS\install.exe (Malware.Packer.Gen) -> 1980 -> Unloaded process successfully.
c:\WINDOWS\install.exe (Malware.Packer.Gen) -> 2136 -> Unloaded process successfully.
c:\WINDOWS\avp32.exe (Malware.Packer.Gen) -> 2016 -> Unloaded process successfully.
c:\WINDOWS\avp32.exe (Malware.Packer.Gen) -> 2304 -> Unloaded process successfully.
c:\WINDOWS\user.exe (Malware.Packer.Gen) -> 2044 -> Unloaded process successfully.
c:\WINDOWS\user.exe (Malware.Packer.Gen) -> 2348 -> Unloaded process successfully.
c:\WINDOWS\hexdump.exe (Malware.Packer.Gen) -> 188 -> Unloaded process successfully.
c:\WINDOWS\hexdump.exe (Malware.Packer.Gen) -> 2404 -> Unloaded process successfully.
c:\WINDOWS\taskmgr.exe (Malware.Packer.Gen) -> 204 -> Unloaded process successfully.
c:\WINDOWS\taskmgr.exe (Malware.Packer.Gen) -> 2572 -> Unloaded process successfully.
c:\WINDOWS\msmgm.exe (Malware.Packer.Gen) -> 236 -> Unloaded process successfully.
c:\WINDOWS\msmgm.exe (Malware.Packer.Gen) -> 2596 -> Unloaded process successfully.
c:\WINDOWS\login.exe (Malware.Packer.Gen) -> 244 -> Unloaded process successfully.
c:\WINDOWS\login.exe (Malware.Packer.Gen) -> 2640 -> Unloaded process successfully.
c:\WINDOWS\win16.exe (Malware.Packer.Gen) -> 268 -> Unloaded process successfully.
c:\WINDOWS\win16.exe (Malware.Packer.Gen) -> 2672 -> Unloaded process successfully.
c:\WINDOWS\csrss.exe (Malware.Packer.Gen) -> 280 -> Unloaded process successfully.
c:\WINDOWS\csrss.exe (Malware.Packer.Gen) -> 2736 -> Unloaded process successfully.
c:\WINDOWS\gdi32.exe (Malware.Packer.Gen) -> 348 -> Unloaded process successfully.
c:\WINDOWS\gdi32.exe (Malware.Packer.Gen) -> 2868 -> Unloaded process successfully.
c:\WINDOWS\spoolsv.exe (Malware.Packer.Gen) -> 444 -> Unloaded process successfully.
c:\WINDOWS\spoolsv.exe (Malware.Packer.Gen) -> 3008 -> Unloaded process successfully.
c:\WINDOWS\setup.exe (Malware.Packer.Gen) -> 680 -> Unloaded process successfully.
c:\WINDOWS\setup.exe (Malware.Packer.Gen) -> 3072 -> Unloaded process successfully.
c:\WINDOWS\debug.exe (Malware.Packer.Gen) -> 904 -> Unloaded process successfully.
c:\WINDOWS\debug.exe (Malware.Packer.Gen) -> 3124 -> Unloaded process successfully.
c:\WINDOWS\avp.exe (Malware.Packer.Gen) -> 964 -> Unloaded process successfully.
c:\WINDOWS\avp.exe (Malware.Packer.Gen) -> 3160 -> Unloaded process successfully.
c:\WINDOWS\cmd.exe (Malware.Packer.Gen) -> 1096 -> Unloaded process successfully.
c:\WINDOWS\cmd.exe (Malware.Packer.Gen) -> 3220 -> Unloaded process successfully.
c:\WINDOWS\sysedit.exe (Malware.Packer.Gen) -> 1112 -> Unloaded process successfully.
c:\WINDOWS\sysedit.exe (Malware.Packer.Gen) -> 3232 -> Unloaded process successfully.
c:\WINDOWS\winamp.exe (Malware.Packer.Gen) -> 1132 -> Unloaded process successfully.
c:\WINDOWS\winamp.exe (Malware.Packer.Gen) -> 3252 -> Unloaded process successfully.
c:\WINDOWS\iexplarer.exe (Malware.Packer.Gen) -> 1180 -> Unloaded process successfully.
c:\WINDOWS\iexplarer.exe (Malware.Packer.Gen) -> 3308 -> Unloaded process successfully.
c:\WINDOWS\nvsvc32.exe (Malware.Packer.Gen) -> 1384 -> Unloaded process successfully.
c:\WINDOWS\nvsvc32.exe (Malware.Packer.Gen) -> 3352 -> Unloaded process successfully.
c:\WINDOWS\win.exe (Malware.Packer.Gen) -> 1348 -> Unloaded process successfully.
c:\WINDOWS\win.exe (Malware.Packer.Gen) -> 3364 -> Unloaded process successfully.
c:\WINDOWS\mdm.exe (Malware.Packer.Gen) -> 1528 -> Unloaded process successfully.
c:\WINDOWS\mdm.exe (Malware.Packer.Gen) -> 3400 -> Unloaded process successfully.
c:\WINDOWS\system.exe (Malware.Packer.Gen) -> 1264 -> Unloaded process successfully.
c:\WINDOWS\system.exe (Malware.Packer.Gen) -> 3472 -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\njx4y.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{D6BA40A1-A502-59BD-F413-04B03A2C8953} (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6BA40A1-A502-59BD-F413-04B03A2C8953} (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6BA40A1-A502-59BD-F413-04B03A2C8953} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\activex.DLL (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKfre (Trojan.Downloader) -> Value: MKfre -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKfre (Trojan.Downloader) -> Value: MKfre -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKasc (Trojan.Dropper) -> Value: MKasc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKasc (Trojan.Dropper) -> Value: MKasc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKbta (Malware.Packer.Gen) -> Value: MKbta -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKbta (Malware.Packer.Gen) -> Value: MKbta -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKZSc (Malware.Packer.Gen) -> Value: MKZSc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKZSc (Malware.Packer.Gen) -> Value: MKZSc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKee (Malware.Packer.Gen) -> Value: MKee -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKee (Malware.Packer.Gen) -> Value: MKee -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKbtc (Malware.Packer.Gen) -> Value: MKbtc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKbtc (Malware.Packer.Gen) -> Value: MKbtc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKerb (Malware.Packer.Gen) -> Value: MKerb -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKerb (Malware.Packer.Gen) -> Value: MKerb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKctc (Malware.Packer.Gen) -> Value: MKctc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKctc (Malware.Packer.Gen) -> Value: MKctc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKcrc (Malware.Packer.Gen) -> Value: MKcrc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKcrc (Malware.Packer.Gen) -> Value: MKcrc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKfPc (Malware.Packer.Gen) -> Value: MKfPc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKfPc (Malware.Packer.Gen) -> Value: MKfPc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKayc (Malware.Packer.Gen) -> Value: MKayc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKayc (Malware.Packer.Gen) -> Value: MKayc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKbMc (Malware.Packer.Gen) -> Value: MKbMc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKbMc (Malware.Packer.Gen) -> Value: MKbMc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKeuf (Malware.Packer.Gen) -> Value: MKeuf -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKeuf (Malware.Packer.Gen) -> Value: MKeuf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKevc (Malware.Packer.Gen) -> Value: MKevc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKevc (Malware.Packer.Gen) -> Value: MKevc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKaoc (Malware.Packer.Gen) -> Value: MKaoc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKaoc (Malware.Packer.Gen) -> Value: MKaoc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKZe (Malware.Packer.Gen) -> Value: MKZe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKZe (Malware.Packer.Gen) -> Value: MKZe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKaZ (Malware.Packer.Gen) -> Value: MKaZ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKaZ (Malware.Packer.Gen) -> Value: MKaZ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKetc (Malware.Packer.Gen) -> Value: MKetc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKetc (Malware.Packer.Gen) -> Value: MKetc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKfpe (Malware.Packer.Gen) -> Value: MKfpe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKfpe (Malware.Packer.Gen) -> Value: MKfpe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKbuqc (Malware.Packer.Gen) -> Value: MKbuqc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKbuqc (Malware.Packer.Gen) -> Value: MKbuqc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKdw+ (Malware.Packer.Gen) -> Value: MKdw+ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKdw+ (Malware.Packer.Gen) -> Value: MKdw+ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKfa (Malware.Packer.Gen) -> Value: MKfa -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKfa (Malware.Packer.Gen) -> Value: MKfa -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKcZ (Malware.Packer.Gen) -> Value: MKcZ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKcZ (Malware.Packer.Gen) -> Value: MKcZ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKexe (Malware.Packer.Gen) -> Value: MKexe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKexe (Malware.Packer.Gen) -> Value: MKexe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{D6BA40A1-A502-59BD-F413-04B03A2C8953} (Trojan.Agent) -> Value: {D6BA40A1-A502-59BD-F413-04B03A2C8953} -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnY (Malware.Packer.Gen) -> Value: HNUmaIXnY -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnY (Malware.Packer.Gen) -> Value: HNUmaIXnY -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnte (Malware.Packer.Gen) -> Value: HNUmaIXnte -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnte (Malware.Packer.Gen) -> Value: HNUmaIXnte -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXntpf (Malware.Packer.Gen) -> Value: HNUmaIXntpf -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXntpf (Malware.Packer.Gen) -> Value: HNUmaIXntpf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnb (Malware.Packer.Gen) -> Value: HNUmaIXnb -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnb (Malware.Packer.Gen) -> Value: HNUmaIXnb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnwpc (Malware.Packer.Gen) -> Value: HNUmaIXnwpc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnwpc (Malware.Packer.Gen) -> Value: HNUmaIXnwpc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnd (Malware.Packer.Gen) -> Value: HNUmaIXnd -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnd (Malware.Packer.Gen) -> Value: HNUmaIXnd -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXneP (Malware.Packer.Gen) -> Value: HNUmaIXneP -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXneP (Malware.Packer.Gen) -> Value: HNUmaIXneP -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnsd (Malware.Packer.Gen) -> Value: HNUmaIXnsd -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnsd (Malware.Packer.Gen) -> Value: HNUmaIXnsd -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnqe (Malware.Packer.Gen) -> Value: HNUmaIXnqe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnqe.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ (Malware.Packer.Gen) -> Value: HNUmaIXnqe.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnqe (Malware.Packer.Gen) -> Value: HNUmaIXnqe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnqe.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ (Malware.Packer.Gen) -> Value: HNUmaIXnqe.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnzz/\Owner\LOCALS~1\Temp\1940034883.exe (Malware.Packer.Gen) -> Value: 1940034883.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnzz/\Owner\LOCALS~1\Temp\1940034883.exe (Malware.Packer.Gen) -> Value: 1940034883.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnZP (Malware.Packer.Gen) -> Value: HNUmaIXnZP -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnZP (Malware.Packer.Gen) -> Value: HNUmaIXnZP -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXntg (Malware.Packer.Gen) -> Value: HNUmaIXntg -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXntg (Malware.Packer.Gen) -> Value: HNUmaIXntg -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnxc (Malware.Packer.Gen) -> Value: HNUmaIXnxc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnxc (Malware.Packer.Gen) -> Value: HNUmaIXnxc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnf (Malware.Packer.Gen) -> Value: HNUmaIXnf -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnf (Malware.Packer.Gen) -> Value: HNUmaIXnf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnoc (Malware.Packer.Gen) -> Value: HNUmaIXnoc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnoc (Malware.Packer.Gen) -> Value: HNUmaIXnoc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXngP (Malware.Packer.Gen) -> Value: HNUmaIXngP -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXngP (Malware.Packer.Gen) -> Value: HNUmaIXngP -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnuf (Malware.Packer.Gen) -> Value: HNUmaIXnuf -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnuf (Malware.Packer.Gen) -> Value: HNUmaIXnuf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnwe (Malware.Packer.Gen) -> Value: HNUmaIXnwe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnwe (Malware.Packer.Gen) -> Value: HNUmaIXnwe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnxb (Malware.Packer.Gen) -> Value: HNUmaIXnxb -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnxb (Malware.Packer.Gen) -> Value: HNUmaIXnxb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnz9 (Malware.Packer.Gen) -> Value: HNUmaIXnz9 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnz9 (Malware.Packer.Gen) -> Value: HNUmaIXnz9 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnusc (Malware.Packer.Gen) -> Value: HNUmaIXnusc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnusc (Malware.Packer.Gen) -> Value: HNUmaIXnusc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn109\Owner\LOCALS~1\Temp\3749294140.exe (Malware.Packer.Gen) -> Value: 3749294140.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn109\Owner\LOCALS~1\Temp\3749294140.exe (Malware.Packer.Gen) -> Value: 3749294140.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnwg (Malware.Packer.Gen) -> Value: HNUmaIXnwg -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnwg (Malware.Packer.Gen) -> Value: HNUmaIXnwg -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnsf (Malware.Packer.Gen) -> Value: HNUmaIXnsf -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnsf (Malware.Packer.Gen) -> Value: HNUmaIXnsf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnsb (Malware.Packer.Gen) -> Value: HNUmaIXnsb -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnsb (Malware.Packer.Gen) -> Value: HNUmaIXnsb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnvc (Malware.Packer.Gen) -> Value: HNUmaIXnvc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnvc (Malware.Packer.Gen) -> Value: HNUmaIXnvc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnvZ (Malware.Packer.Gen) -> Value: HNUmaIXnvZ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnvZom&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ (Malware.Packer.Gen) -> Value: HNUmaIXnvZom&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnvZ (Malware.Packer.Gen) -> Value: HNUmaIXnvZ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnvZom&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ (Malware.Packer.Gen) -> Value: HNUmaIXnvZom&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnrc (Malware.Packer.Gen) -> Value: HNUmaIXnrc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnrc (Malware.Packer.Gen) -> Value: HNUmaIXnrc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnth (Malware.Packer.Gen) -> Value: HNUmaIXnth -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnth (Malware.Packer.Gen) -> Value: HNUmaIXnth -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnqg (Malware.Packer.Gen) -> Value: HNUmaIXnqg -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnqg (Malware.Packer.Gen) -> Value: HNUmaIXnqg -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn10B\Owner\LOCALS~1\Temp\3695036898.exe (Malware.Packer.Gen) -> Value: 3695036898.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn10B\Owner\LOCALS~1\Temp\3695036898.exe (Malware.Packer.Gen) -> Value: 3695036898.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn0Z (Malware.Packer.Gen) -> Value: HNUmaIXn0Z -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn0Z (Malware.Packer.Gen) -> Value: HNUmaIXn0Z -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKcuc (Malware.Packer.Gen) -> Value: MKcuc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKcuc (Malware.Packer.Gen) -> Value: MKcuc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnfQ (Malware.Packer.Gen) -> Value: HNUmaIXnfQ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnfQ (Malware.Packer.Gen) -> Value: HNUmaIXnfQ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnyz+\Owner\LOCALS~1\Temp\3521232670.exe (Malware.Packer.Gen) -> Value: 3521232670.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnyz+\Owner\LOCALS~1\Temp\3521232670.exe (Malware.Packer.Gen) -> Value: 3521232670.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn1zQ\Owner\LOCALS~1\Temp\183863508.exe (Malware.Packer.Gen) -> Value: 183863508.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn1zQ\Owner\LOCALS~1\Temp\183863508.exe (Malware.Packer.Gen) -> Value: 183863508.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn00A\Owner\LOCALS~1\Temp\1972166568.exe (Malware.Packer.Gen) -> Value: 1972166568.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn00A\Owner\LOCALS~1\Temp\1972166568.exe (Malware.Packer.Gen) -> Value: 1972166568.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKeg (Malware.Packer.Gen) -> Value: MKeg -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKeg (Malware.Packer.Gen) -> Value: MKeg -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKeta (Malware.Packer.Gen) -> Value: MKeta -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKeta (Malware.Packer.Gen) -> Value: MKeta -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnz0+\Owner\LOCALS~1\Temp\3551963162.exe (Malware.Packer.Gen) -> Value: 3551963162.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnz0+\Owner\LOCALS~1\Temp\3551963162.exe (Malware.Packer.Gen) -> Value: 3551963162.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKese (Malware.Packer.Gen) -> Value: MKese -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKese (Malware.Packer.Gen) -> Value: MKese -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKfsc (Malware.Packer.Gen) -> Value: MKfsc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKfsc (Malware.Packer.Gen) -> Value: MKfsc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{D6BA40A1-A502-59BD-F413-04B03A2C8953} (Trojan.Ertfor) -> Value: {D6BA40A1-A502-59BD-F413-04B03A2C8953} -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Value: NoFolderOptions -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\wininst.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\drweb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\install.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\avp32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\user.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\hexdump.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\taskmgr.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\msmgm.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\login.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\win16.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\csrss.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\gdi32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\spoolsv.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\setup.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\debug.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\avp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\cmd.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\sysedit.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\winamp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\iexplarer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\nvsvc32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\win.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\mdm.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\system.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\njx4y.dll (Trojan.Agent) -> Delete on reboot.
c:\Documents and Settings\Owner\Local Settings\Temp\cmd.exe (Malware.Packer.Gen) -> Delete on reboot.
c:\documents and settings\Owner\local settings\Temp\msmgm.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\iexplarer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\mdm.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\services.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\avp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\avp32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\taskmgr.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\login.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1940034883.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\gdi32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\wininst.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\smss.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\win.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\debug.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\win32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\csrss.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\setup.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\sysedit.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\nvsvc32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\winlogon.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3749294140.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\spoolsv.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\lsass.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\drweb.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\user.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\install.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\winamp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\svchost.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\hexdump.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3695036898.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\system.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\lsass.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\win16.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3521232670.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\183863508.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1972166568.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\smss.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\services.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3551963162.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\svchost.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\winlogon.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2049150398.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3942299350.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3961372568.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\4004719270.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2558928960.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\259228688.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2631283626.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2648988954.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2658271234.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2717227158.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\iexplorer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\154620905.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\92017698.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\932377354.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\953990832.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\955707391.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1653548132.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1031912184.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1041081878.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1074095796.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\108176128.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1091998018.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1177004904.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1741316352.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3124411961.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\322386414.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2720676680.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2747715244.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2765046420.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2805666686.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3675364026.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2236427104.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2328094608.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\135251550.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1367707477.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1419032574.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3817668044.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\384737478.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3892614964.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\4158040560.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\4197765892.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\4212638930.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\4230443952.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\4236669206.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\4241834180.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\4252835232.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\4254226097.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3510498818.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2889414084.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2928328901.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1222032128.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1226649980.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\122747662.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1244819018.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\126014746.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2094905139.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2162590040.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2230373394.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\223378159.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\4114074316.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1805164508.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1819804610.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1824248466.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\615649610.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\618327925.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\64700573.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\657072014.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\708647694.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3302555106.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3352132008.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\338816088.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3413887240.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3430967370.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1423870536.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1457711259.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1537041364.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3036136125.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\310900589.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2386036226.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\241005730.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2475114809.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2550384978.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3709953458.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3759100330.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\871047120.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\883979740.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\884928824.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\910495534.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\560874249.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1888549152.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1907229904.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3547063174.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3568885032.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\3591112146.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2931494434.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2969682964.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\2979530294.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1919846550.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1931988222.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\1986928580.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\432531654.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\temporary internet files\Content.IE5\PI00BU5E\ytjzxrhliqxvhriqepgr[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\otafewoq.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\WINDOWS\win32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.


HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:04:22 PM, on 1/27/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HNUmaIXnzz/\Owner\LOCALS~1\Temp\1940034883.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\1940034883.exe
O4 - HKLM\..\Run: [HNUmaIXn109\Owner\LOCALS~1\Temp\3749294140.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\3749294140.exe
O4 - HKLM\..\Run: [HNUmaIXn10B\Owner\LOCALS~1\Temp\3695036898.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\3695036898.exe
O4 - HKLM\..\Run: [HNUmaIXnyz+\Owner\LOCALS~1\Temp\3521232670.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\3521232670.exe
O4 - HKLM\..\Run: [HNUmaIXn1zQ\Owner\LOCALS~1\Temp\183863508.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\183863508.exe
O4 - HKLM\..\Run: [HNUmaIXn00A\Owner\LOCALS~1\Temp\1972166568.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\1972166568.exe
O4 - HKLM\..\Run: [HNUmaIXnz0+\Owner\LOCALS~1\Temp\3551963162.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\3551963162.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [HNUmaIXnzz/\Owner\LOCALS~1\Temp\1940034883.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\1940034883.exe
O4 - HKCU\..\Run: [HNUmaIXn109\Owner\LOCALS~1\Temp\3749294140.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\3749294140.exe
O4 - HKCU\..\Run: [HNUmaIXn10B\Owner\LOCALS~1\Temp\3695036898.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\3695036898.exe
O4 - HKCU\..\Run: [HNUmaIXnyz+\Owner\LOCALS~1\Temp\3521232670.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\3521232670.exe
O4 - HKCU\..\Run: [HNUmaIXn1zQ\Owner\LOCALS~1\Temp\183863508.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\183863508.exe
O4 - HKCU\..\Run: [HNUmaIXn00A\Owner\LOCALS~1\Temp\1972166568.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\1972166568.exe
O4 - HKCU\..\Run: [HNUmaIXnz0+\Owner\LOCALS~1\Temp\3551963162.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\3551963162.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.17.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/cinematycoon.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} (CPlayFirstWeddingDasControl Object) - http://zone.msn.com/bingame/wedd/default/WeddingDash.1.0.0.50.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://cdn.ll.neoedge.com/webgames/WeddingDash/WeddingDash.1.0.0.47.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate1c9bdebbffb3aea) (gupdate1c9bdebbffb3aea) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14345 bytes

#4 miekiemoes

Posted 28 January 2011 - 01:30 AM

Hi,

Well, this certainly looks a lot better already.
However, can you once more update Malwarebytes and perform a new scan with it? This is so it can trigger & delete those last leftovers.
Post the logs in your next reply.

#5 Phonat

Posted 30 January 2011 - 04:39 PM

Hi, sorry for the somewhat late reply, I was out of town for the past two nights. (:

Here's the log from MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5640

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/30/2011 2:38:54 PM
mbam-log-2011-01-30 (14-38-54).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 227613
Time elapsed: 31 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 14
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnzz/\Owner\LOCALS~1\Temp\1940034883.exe (Trojan.Downloader.Gen) -> Value: 1940034883.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn109\Owner\LOCALS~1\Temp\3749294140.exe (Trojan.Downloader.Gen) -> Value: 3749294140.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn10B\Owner\LOCALS~1\Temp\3695036898.exe (Trojan.Downloader.Gen) -> Value: 3695036898.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnyz+\Owner\LOCALS~1\Temp\3521232670.exe (Trojan.Downloader.Gen) -> Value: 3521232670.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn1zQ\Owner\LOCALS~1\Temp\183863508.exe (Trojan.Downloader.Gen) -> Value: 183863508.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn00A\Owner\LOCALS~1\Temp\1972166568.exe (Trojan.Downloader.Gen) -> Value: 1972166568.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnz0+\Owner\LOCALS~1\Temp\3551963162.exe (Trojan.Downloader.Gen) -> Value: 3551963162.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnzz/\Owner\LOCALS~1\Temp\1940034883.exe (Trojan.Downloader.Gen) -> Value: 1940034883.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn109\Owner\LOCALS~1\Temp\3749294140.exe (Trojan.Downloader.Gen) -> Value: 3749294140.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn10B\Owner\LOCALS~1\Temp\3695036898.exe (Trojan.Downloader.Gen) -> Value: 3695036898.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnyz+\Owner\LOCALS~1\Temp\3521232670.exe (Trojan.Downloader.Gen) -> Value: 3521232670.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn1zQ\Owner\LOCALS~1\Temp\183863508.exe (Trojan.Downloader.Gen) -> Value: 183863508.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn00A\Owner\LOCALS~1\Temp\1972166568.exe (Trojan.Downloader.Gen) -> Value: 1972166568.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnz0+\Owner\LOCALS~1\Temp\3551963162.exe (Trojan.Downloader.Gen) -> Value: 3551963162.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\WSTB\drv8.0.3.exe (Adware.BHO) -> Quarantined and deleted successfully.
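
The Run-key entries in the Malwarebytes log above can be triaged mechanically. The following is an added example, not part of the original thread and not Malwarebytes code: the function names and flag labels are assumptions, the first four sample lines are copied from the log, and the last sample line is constructed to show a detection that was not removed.

```python
import re
from collections import defaultdict

# First four lines: excerpt of the log posted above (two payloads, each
# flagged under HKCU and HKLM). Last line: constructed for this example.
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnzz/\Owner\LOCALS~1\Temp\1940034883.exe (Trojan.Downloader.Gen) -> Value: 1940034883.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn109\Owner\LOCALS~1\Temp\3749294140.exe (Trojan.Downloader.Gen) -> Value: 3749294140.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXnzz/\Owner\LOCALS~1\Temp\1940034883.exe (Trojan.Downloader.Gen) -> Value: 1940034883.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUmaIXn109\Owner\LOCALS~1\Temp\3749294140.exe (Trojan.Downloader.Gen) -> Value: 3749294140.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExampleUpdater (Constructed.Sample) -> Value: ExampleUpdater -> No action taken.
"""

# One flagged Run value per line: hive, key, value name, detection, value, action.
ENTRY = re.compile(
    r"^(?P<hive>HKEY_[A-Z_]+)\\(?P<key>.+?\\CurrentVersion\\Run)\\(?P<name>.+?)"
    r" \((?P<detection>[^)]+)\) -> Value: (?P<value>.+?) -> (?P<action>.+)$",
    re.MULTILINE,
)
TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)        # autorun target under a Temp folder
NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.IGNORECASE)   # file name made only of digits


def parse_run_values(log_text):
    """Return one dict per Run-key value listed in a Malwarebytes text log."""
    return [m.groupdict() for m in ENTRY.finditer(log_text)]


def triage(entries):
    """Group entries by payload and record hives, heuristic flags and actions."""
    report = defaultdict(lambda: {"hives": set(), "flags": set(), "actions": set()})
    for e in entries:
        item = report[e["value"].lower()]
        item["hives"].add(e["hive"])
        item["actions"].add(e["action"])
        if TEMP_DIR.search(e["name"]):
            item["flags"].add("runs-from-temp")
        if NUMERIC_EXE.match(e["value"]):
            item["flags"].add("numeric-filename")
    return dict(report)


def machine_wide(report):
    """Payloads registered under HKLM start for every user of the machine."""
    return sorted(p for p, i in report.items() if "HKEY_LOCAL_MACHINE" in i["hives"])


def unresolved(report):
    """Payloads with at least one entry the scanner did not delete."""
    return sorted(p for p, i in report.items()
                  if any("deleted successfully" not in a for a in i["actions"]))


if __name__ == "__main__":
    result = triage(parse_run_values(SAMPLE_LOG))
    for payload, info in sorted(result.items()):
        print(payload, sorted(info["hives"]), sorted(info["flags"]))
    print("machine-wide:", machine_wide(result))
    print("needs follow-up:", unresolved(result))
```

Run against the full log, the same grouping shows each of the seven numbered executables registered under both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE.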

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 31 January 2011 - 01:31 AM

Hi,

Please post a new HijackThis log as well.
Thanks.

#7 Phonat

Phonat
  • Topic Starter

  • Members

Posted 31 January 2011 - 06:58 PM

Oh, haha, sorry about that!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:58:41 PM, on 1/31/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.17.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/cinematycoon.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} (CPlayFirstWeddingDasControl Object) - http://zone.msn.com/bingame/wedd/default/WeddingDash.1.0.0.50.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://cdn.ll.neoedge.com/webgames/WeddingDash/WeddingDash.1.0.0.47.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate1c9bdebbffb3aea) (gupdate1c9bdebbffb3aea) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12597 bytes

Here's the log. (:

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 01 February 2011 - 01:46 AM

Hi,

This is much better..

Just some notes..

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Also, I see you have the Frostwire Toolbar installed. This Toolbar is powered by Ask.com and not really recommended. If you don't use this toolbar, I suggest you uninstall it as well.

Let me know in your next reply how things are now.

#9 Phonat

Phonat
  • Topic Starter

  • Members

Posted 01 February 2011 - 08:05 AM

Hi, miekiemoes,

I uninstalled the toolbar and Viewpoint applications.
I just wanted to thank you so much for helping me with my computer. It's running much faster and a lot smoother now. You're amazing, really. I don't know how to thank you enough. (: <3

If there's anything else you need me to do, please let me know.

#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 01 February 2011 - 08:13 AM

Hi,

Good to hear and glad I could help. :)

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 16 February 2011 - 01:54 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.