Author Topic: Re-appearing Trojans  (Read 18394 times)

oneminuteofclarity

    Topic Starter


    Rookie

    Re: Re-appearing Trojans
    « Reply #15 on: September 17, 2010, 03:20:18 PM »
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=6352d48412f6a946b4fd529e83b74633
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-09-17 09:39:23
    # local_time=2010-09-17 04:39:23 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 219441 219441 0 0
    # compatibility_mode=1024 16777215 100 0 3832715 3832715 0 0
    # compatibility_mode=5892 16776574 100 100 4016788 121357101 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=237327
    # found=0
    # cleaned=0
    # scan_time=9990

    oneminuteofclarity

      Re: Re-appearing Trojans
      « Reply #16 on: September 17, 2010, 11:10:41 PM »
      Also I was wondering if I should make a separate thread in a different forum to get the administrator profile back. I've looked around a little but I'm not sure if the options I found would be good in this case.

      Thanks for all your help

      oneminuteofclarity

        Re: Re-appearing Trojans
        « Reply #17 on: September 18, 2010, 01:36:55 PM »
        We managed to make our account the administrator's account again and deleted the other, previous administrator's account. I also got SAS installed successfully.

        Dr Jay

        • Malware Removal Specialist


        • Specialist
        • Moderator emeritus
        • Thanked: 119
        • Experience: Guru
        • OS: Windows 10
        Re: Re-appearing Trojans
        « Reply #18 on: September 21, 2010, 02:54:05 AM »
        Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).

        Then, try again.
        ~Dr Jay

        oneminuteofclarity

          Re: Re-appearing Trojans
          « Reply #19 on: September 22, 2010, 02:07:56 PM »
          Is this to get into the administrator's account? Just making sure 'cause we have ours set back to the administrator. If so, should I run all the checks (that are specified before we make a post)?

          Thanks

          Dr Jay

          Re: Re-appearing Trojans
          « Reply #20 on: September 22, 2010, 03:41:52 PM »
          Sure. Do in admin.
          ~Dr Jay

          oneminuteofclarity

            Re: Re-appearing Trojans
            « Reply #21 on: September 24, 2010, 11:53:15 AM »
            Still found a couple Trojans and some Key Logger stuff. Here are the new log files:


            SUPERAntiSpyware Scan Log
            http://www.superantispyware.com

            Generated 09/24/2010 at 03:44 AM

            Application Version : 4.43.1000

            Core Rules Database Version : 5569
            Trace Rules Database Version: 3381

            Scan type       : Complete Scan
            Total Scan Time : 03:46:27

            Memory items scanned      : 792
            Memory threats detected   : 1
            Registry items scanned    : 9132
            Registry threats detected : 0
            File items scanned        : 213627
            File threats detected     : 70

            Trojan.Dropper/Win-NV
               C:\WINDOWS\SYSTEM32\MPK\MPK.DLL
               C:\WINDOWS\SYSTEM32\MPK\MPK.DLL
               C:\WINDOWS\SYSTEM\MPK\MPK.DLL
               C:\WINDOWS\SYSTEM\MPO\MPK.DLL

            Adware.Tracking Cookie


            Malwarebytes' Anti-Malware 1.46
            www.malwarebytes.org

            Database version: 4597

            Windows 6.0.6002 Service Pack 2
            Internet Explorer 8.0.6001.18943

            9/24/2010 10:27:49 AM
            mbam-log-2010-09-24 (10-27-49).txt

            Scan type: Quick scan
            Objects scanned: 142630
            Time elapsed: 9 minute(s), 41 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 1
            Registry Keys Infected: 1
            Registry Values Infected: 0
            Registry Data Items Infected: 3
            Folders Infected: 11
            Files Infected: 353

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            C:\Windows\System32\MPK\Mpk.dll (Refog.Keylogger) -> Delete on reboot.

            Registry Keys Infected:
            HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> Quarantined and deleted successfully.

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Data: c:\windows\system32\mpk\mpk.exe -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Data: system32\mpk\mpk.exe -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Refog.Keylogger) -> Bad: (c:\windows\system32\userinit.exe,C:\Windows\system32\MPK\mpk.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

            Folders Infected:
            C:\ProgramData\MPK\2 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\CPDA (Refog.Keylogger) -> Delete on reboot.
            C:\ProgramData\MPK\CPDM (Refog.Keylogger) -> Delete on reboot.
            C:\ProgramData\MPK\REFOG Personal Monitor (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK (Refog.Keylogger) -> Delete on reboot.
            C:\Windows\System32\MPK\Help (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\Spanish (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang (Refog.Keylogger) -> Quarantined and deleted successfully.

            Files Infected:
            C:\ProgramData\MPK\1\I40444_8737219213 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40444_8771940278 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40444_9356010648 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40444_9389766667 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40444_9424497917 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40444_9459229167 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40444_9493960417 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40444_9667617245 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40444_9702348380 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40444_9737079167 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40444_9771803009 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40444_9806527315 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40444_9841252083 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40444_9875976042 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40444_9910700347 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40444_9945424653 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40444_9980149769 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_0014873495 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_0049598032 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_0084322454 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_0119046412 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_0153771875 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_0188495833 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_0223219676 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_0257943866 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_0292668866 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_0327393403 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_0535739236 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_0570462963 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_0605187500 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_1577410995 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_1612130903 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_3452337153 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_3704668866 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_3739391319 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_3774110301 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_3808830787 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_3843556134 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_3878275231 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_3912996412 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_3947717130 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_3982441551 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_4017164236 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_4051887384 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_4086609606 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\I40445_4121331829 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\1\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\2\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\2\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\CPDM\cpfm.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\REFOG Personal Monitor\Order now!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\REFOG Personal Monitor\REFOG Personal Monitor on the Web.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\ProgramData\MPK\REFOG Personal Monitor\REFOG Personal Monitor.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\icon_1.ico (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\key.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\libeay32.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\lnkmst.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\logstart.vbs (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\loguninstall.vbs (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Mpk.dll (Refog.Keylogger) -> Delete on reboot.
            C:\Windows\System32\MPK\MPK.exe (Refog.Keylogger) -> Delete on reboot.
            C:\Windows\System32\MPK\Mpk64.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\MPK64.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\MpkNetInstall.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\MPKView.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\sqlite3.dll (Refog.Keylogger) -> Delete on reboot.
            C:\Windows\System32\MPK\ssleay32.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\trial_pro.ini (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\unins000.dat (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\unins000.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\unins000.msg (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\update_info.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\zlib1.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\update.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\English\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\German\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\Spanish\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\Spanish\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\Spanish\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\Spanish\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\Spanish\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\Spanish\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\Spanish\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\Spanish\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\Spanish\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\Spanish\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\Spanish\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\Spanish\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\Spanish\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\Spanish\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Help\Spanish\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_em_english.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_em_english.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_em_german.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_em_german.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_em_spanish.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_em_spanish.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_english.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_english.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_german.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_german.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_pm_english.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_pm_english.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_pm_german.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_pm_german.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_pm_spanish.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_pm_spanish.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_russian.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_spanish.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\banner_spanish.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\english.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\german.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\upgrade_aeu.png (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\upgrade_aus.png (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\upgrade_eu.png (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\upgrade_us.png (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\vista_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Images\xp_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\Brazilian.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\Brazilian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\English.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\French.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\French.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\German.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\German.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\Italian.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\Italian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\Japanese.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\Japanese.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\Polish.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\Portuguese.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\Portuguese.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\Romanian.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\Romanian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\Russian.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\Spanish.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
            C:\Windows\System32\MPK\Lang\Spanish.lng (Refog.Keylogger) -> Quarantined and deleted successfully.


            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 11:53:38 AM, on 9/24/2010
            Platform: Windows Vista SP2 (WinNT 6.00.1906)
            MSIE: Internet Explorer v8.00 (8.00.6001.18943)
            Boot mode: Normal

            Running processes:
            C:\Windows\system32\Dwm.exe
            C:\Windows\system32\taskeng.exe
            C:\Windows\Explorer.EXE
            C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
            C:\Program Files\Sony\ISB Utility\ISBMgr.exe
            C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
            C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
            C:\Windows\System32\hkcmd.exe
            C:\Windows\System32\igfxpers.exe
            C:\Program Files\AVG\AVG9\avgtray.exe
            C:\Windows\system32\igfxsrvc.exe
            C:\Program Files\Parental Control Tool\utccag.exe
            C:\Program Files\Common Files\Java\Java Update\jusched.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\Windows\ehome\ehtray.exe
            C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
            C:\Windows\ehome\ehmsas.exe
            C:\Windows\System32\mobsync.exe
            C:\Windows\system32\wbem\unsecapp.exe
            C:\Program Files\Safari\Safari.exe
            C:\Program Files\Trend Micro\Sniper\HijackThis.exe
            C:\Program Files\iTunes\iTunes.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
            O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
            O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
            O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
            O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
            O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
            O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
            O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
            O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
            O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
            O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
            O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
            O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
            O4 - HKLM\..\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe"
            O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
            O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
            O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe"
            O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
            O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
            O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
            O4 - HKLM\..\Run: [AVG9_TRAY] "C:\PROGRA~1\AVG\AVG9\avgtray.exe"
            O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [1utccag.exe] "C:\Program Files\Parental Control Tool\utccag.exe"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
            O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
            O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
            O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
            O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
            O4 - Global Startup: Bluetooth.lnk = ?
            O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
            O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
            O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
            O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
            O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
            O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
            O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
            O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
            O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
            O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
            O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
            O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
            O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
            O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
            O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
            O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
            O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
            O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
            O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
            O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
            O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll c:\windows\system32\avgrsstx.dll
            O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
            O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
            O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
            O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
            O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
            O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
            O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
            O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
            O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
            O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
            O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
            O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
            O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
            O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
            O23 - Service: U - Unknown owner - C (file missing)
            O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
            O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
            O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
            O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
            O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
            O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
            O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
            O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
            O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
            O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
            O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
            O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
            O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
            O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
            O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
            O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
            O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

            --
            End of file - 14298 bytes

            Dr Jay

            • Malware Removal Specialist


            • Specialist
            • Moderator emeritus
            • Thanked: 119
            • Experience: Guru
            • OS: Windows 10
            Re: Re-appearing Trojans
            « Reply #22 on: September 24, 2010, 08:27:28 PM »
            Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
              Link 1
              Link 2
              Link 3
              • Double-click on MBRCheck.exe to run it.
              • It will open a black window...please do not fix anything (if it gives you an option).
              • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
              • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
              • Please copy and paste the contents of that log in your next reply.
              ~Dr Jay

              oneminuteofclarity

                Re: Re-appearing Trojans
                « Reply #23 on: September 25, 2010, 12:57:44 PM »
                MBRCheck, version 1.2.3
                (c) 2010, AD

                Command-line:         
                Windows Version:      Windows Vista Home Premium Edition
                Windows Information:      Service Pack 2 (build 6002), 32-bit
                Base Board Manufacturer:   Sony Corporation
                BIOS Manufacturer:      Phoenix Technologies LTD
                System Manufacturer:      Sony Corporation
                System Product Name:      VGN-CR320E
                Logical Drives Mask:      0x0000003c

                Kernel Drivers (total 167):
                  0x8220C000 \SystemRoot\system32\ntkrnlpa.exe
                  0x825C5000 \SystemRoot\system32\hal.dll
                  0x80401000 \SystemRoot\system32\kdcom.dll
                  0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
                  0x80478000 \SystemRoot\system32\PSHED.dll
                  0x80489000 \SystemRoot\system32\BOOTVID.dll
                  0x80491000 \SystemRoot\system32\CLFS.SYS
                  0x804D2000 \SystemRoot\system32\CI.dll
                  0x805B2000 \SystemRoot\System32\drivers\exll.sys
                  0x80601000 \SystemRoot\system32\drivers\Wdf01000.sys
                  0x8067D000 \SystemRoot\system32\drivers\WDFLDR.SYS
                  0x8068A000 \SystemRoot\system32\drivers\acpi.sys
                  0x806D0000 \SystemRoot\system32\drivers\WMILIB.SYS
                  0x806D9000 \SystemRoot\system32\drivers\msisadrv.sys
                  0x806E1000 \SystemRoot\system32\drivers\pci.sys
                  0x80708000 \SystemRoot\System32\drivers\partmgr.sys
                  0x80717000 \SystemRoot\system32\DRIVERS\compbatt.sys
                  0x8071A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
                  0x80724000 \SystemRoot\system32\drivers\volmgr.sys
                  0x80733000 \SystemRoot\System32\drivers\volmgrx.sys
                  0x8077D000 \SystemRoot\system32\DRIVERS\pcmcia.sys
                  0x807AA000 \SystemRoot\system32\DRIVERS\pciide.sys
                  0x807B1000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
                  0x807BF000 \SystemRoot\System32\drivers\mountmgr.sys
                  0x807CF000 \SystemRoot\system32\drivers\atapi.sys
                  0x807D7000 \SystemRoot\system32\drivers\ataport.SYS
                  0x805C0000 \SystemRoot\system32\drivers\fltmgr.sys
                  0x87E05000 \SystemRoot\system32\drivers\fileinfo.sys
                  0x87E15000 \SystemRoot\System32\Drivers\PxHelp20.sys
                  0x87E1E000 \SystemRoot\System32\Drivers\ksecdd.sys
                  0x87E8F000 \SystemRoot\system32\drivers\ndis.sys
                  0x87F9A000 \SystemRoot\system32\drivers\msrpc.sys
                  0x87FC5000 \SystemRoot\system32\drivers\NETIO.SYS
                  0x8800B000 \SystemRoot\System32\drivers\tcpip.sys
                  0x880F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
                  0x8820A000 \SystemRoot\System32\Drivers\Ntfs.sys
                  0x8831A000 \SystemRoot\system32\drivers\volsnap.sys
                  0x88353000 \SystemRoot\System32\Drivers\spldr.sys
                  0x8835B000 \SystemRoot\system32\DRIVERS\sbp2port.sys
                  0x88371000 \SystemRoot\System32\Drivers\mup.sys
                  0x88380000 \SystemRoot\System32\drivers\ecache.sys
                  0x883A7000 \SystemRoot\system32\drivers\disk.sys
                  0x883B8000 \SystemRoot\system32\drivers\CLASSPNP.SYS
                  0x883D9000 \SystemRoot\system32\drivers\crcdisk.sys
                  0x88110000 \SystemRoot\system32\DRIVERS\tunnel.sys
                  0x8811B000 \SystemRoot\system32\DRIVERS\tunmp.sys
                  0x88124000 \SystemRoot\system32\DRIVERS\intelppm.sys
                  0x883FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
                  0x8CC01000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
                  0x8D2BC000 \SystemRoot\System32\drivers\dxgkrnl.sys
                  0x8D35D000 \SystemRoot\System32\drivers\watchdog.sys
                  0x8D369000 \SystemRoot\system32\DRIVERS\usbuhci.sys
                  0x8D374000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
                  0x8D3B2000 \SystemRoot\system32\DRIVERS\usbehci.sys
                  0x88133000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
                  0x8C833000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
                  0x8C858000 \SystemRoot\system32\DRIVERS\ohci1394.sys
                  0x8C868000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
                  0x8C876000 \SystemRoot\system32\drivers\ti21sony.sys
                  0x8C943000 \SystemRoot\system32\DRIVERS\i8042prt.sys
                  0x8C956000 \SystemRoot\system32\DRIVERS\kbdclass.sys
                  0x8C961000 \SystemRoot\system32\DRIVERS\SynTP.sys
                  0x8C98C000 \SystemRoot\system32\DRIVERS\USBD.SYS
                  0x8C98E000 \SystemRoot\system32\DRIVERS\mouclass.sys
                  0x8C999000 \SystemRoot\system32\DRIVERS\SFEP.sys
                  0x8C99C000 \SystemRoot\system32\DRIVERS\cdrom.sys
                  0x8C9B4000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
                  0x8C9BA000 \SystemRoot\system32\DRIVERS\msiscsi.sys
                  0x8D40C000 \SystemRoot\system32\DRIVERS\storport.sys
                  0x8D44D000 \SystemRoot\system32\DRIVERS\TDI.SYS
                  0x8D458000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
                  0x8D46F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
                  0x8D47A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
                  0x8D49D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
                  0x8D4AC000 \SystemRoot\system32\DRIVERS\raspptp.sys
                  0x8D4C0000 \SystemRoot\system32\DRIVERS\rassstp.sys
                  0x8D4D5000 \SystemRoot\system32\DRIVERS\termdd.sys
                  0x8D4E5000 \SystemRoot\system32\DRIVERS\swenum.sys
                  0x8D4E7000 \SystemRoot\system32\DRIVERS\ks.sys
                  0x8D511000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
                  0x8D54C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
                  0x8D556000 \SystemRoot\system32\DRIVERS\umbus.sys
                  0x8D563000 \SystemRoot\system32\DRIVERS\usbhub.sys
                  0x8D598000 \SystemRoot\System32\Drivers\NDProxy.SYS
                  0x8EA02000 \SystemRoot\system32\drivers\RTKVHDA.sys
                  0x8EBAF000 \SystemRoot\system32\drivers\portcls.sys
                  0x8D5A9000 \SystemRoot\system32\drivers\drmk.sys
                  0x8D3C1000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
                  0x8EC01000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
                  0x8ED04000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
                  0x8EDB8000 \SystemRoot\system32\drivers\modem.sys
                  0x8EDC5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
                  0x8EDCE000 \SystemRoot\System32\Drivers\Null.SYS
                  0x8EDD5000 \SystemRoot\System32\Drivers\Beep.SYS
                  0x8EDE5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
                  0x8EDEC000 \SystemRoot\System32\drivers\vga.sys
                  0x8EBDC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
                  0x8EDF8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
                  0x8EDDC000 \SystemRoot\system32\drivers\rdpencdd.sys
                  0x8D5CE000 \SystemRoot\System32\Drivers\Msfs.SYS
                  0x8D5D9000 \SystemRoot\System32\Drivers\Npfs.SYS
                  0x8D5E7000 \SystemRoot\System32\DRIVERS\rasacd.sys
                  0x8C9E9000 \SystemRoot\system32\DRIVERS\tdx.sys
                  0x881C0000 \SystemRoot\system32\DRIVERS\smb.sys
                  0x8F002000 \SystemRoot\System32\Drivers\avgtdix.sys
                  0x8F03C000 \SystemRoot\System32\DRIVERS\netbt.sys
                  0x8F06E000 \SystemRoot\system32\drivers\afd.sys
                  0x8F0B6000 \SystemRoot\system32\drivers\ws2ifsl.sys
                  0x8F0BF000 \SystemRoot\system32\DRIVERS\pacer.sys
                  0x8F0D5000 \SystemRoot\system32\DRIVERS\afw.sys
                  0x8F0E0000 \SystemRoot\system32\drivers\afwcore.sys
                  0x8F12F000 \SystemRoot\system32\DRIVERS\netbios.sys
                  0x8F13D000 \SystemRoot\system32\DRIVERS\wanarp.sys
                  0x8F150000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                  0x8F172000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                  0x8F60F000 \??\C:\Windows\system32\drivers\SandBox.sys
                  0x8F6BA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
                  0x8F6D1000 \SystemRoot\System32\Drivers\R5U870FLx86.sys
                  0x8F6E3000 \SystemRoot\System32\Drivers\usbvideo.sys
                  0x8F704000 \SystemRoot\System32\Drivers\R5U870FUx86.sys
                  0x8F70F000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
                  0x8F718000 \SystemRoot\system32\DRIVERS\hidusb.sys
                  0x8F721000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
                  0x8F731000 \SystemRoot\system32\DRIVERS\kbdhid.sys
                  0x8F73A000 \SystemRoot\system32\DRIVERS\mouhid.sys
                  0x8F742000 \SystemRoot\system32\DRIVERS\rdbss.sys
                  0x8F77E000 \SystemRoot\system32\drivers\nsiproxy.sys
                  0x8F788000 \SystemRoot\system32\DRIVERS\DMICall.sys
                  0x8F789000 \SystemRoot\System32\Drivers\dfsc.sys
                  0x8F7A0000 \SystemRoot\System32\Drivers\avgmfx86.sys
                  0x8F7A6000 \SystemRoot\System32\Drivers\avgldx86.sys
                  0x8F178000 \SystemRoot\System32\Drivers\fastfat.SYS
                  0x8F7DA000 \SystemRoot\System32\Drivers\crashdmp.sys
                  0x8F7E7000 \SystemRoot\System32\Drivers\dump_dumpata.sys
                  0x8F7F2000 \SystemRoot\System32\Drivers\dump_atapi.sys
                  0x97470000 \SystemRoot\System32\win32k.sys
                  0x8F600000 \SystemRoot\System32\drivers\Dxapi.sys
                  0x8F1A0000 \SystemRoot\system32\DRIVERS\monitor.sys
                  0x97690000 \SystemRoot\System32\TSDDD.dll
                  0x976B0000 \SystemRoot\System32\cdd.dll
                  0x8F1AF000 \SystemRoot\system32\drivers\luafv.sys
                  0xABC01000 \SystemRoot\system32\drivers\spsys.sys
                  0xABCB1000 \SystemRoot\system32\DRIVERS\lltdio.sys
                  0xABCC1000 \SystemRoot\system32\DRIVERS\nwifi.sys
                  0xABCEB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
                  0xABCF5000 \SystemRoot\system32\DRIVERS\rspndr.sys
                  0xABD08000 \SystemRoot\system32\drivers\HTTP.sys
                  0xABD75000 \SystemRoot\System32\DRIVERS\srvnet.sys
                  0xABD92000 \SystemRoot\system32\DRIVERS\bowser.sys
                  0xABDAB000 \SystemRoot\System32\drivers\mpsdrv.sys
                  0xABDC0000 \SystemRoot\system32\drivers\mrxdav.sys
                  0xABDE1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
                  0xACE09000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
                  0xACE42000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
                  0xACE5A000 \SystemRoot\System32\DRIVERS\srv2.sys
                  0xACE81000 \SystemRoot\System32\DRIVERS\srv.sys
                  0xACEE7000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
                  0xACEEB000 \SystemRoot\system32\drivers\peauth.sys
                  0x8C600000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
                  0xACFC9000 \SystemRoot\system32\drivers\regi.sys
                  0xACFCB000 \SystemRoot\System32\Drivers\secdrv.SYS
                  0xACFD5000 \SystemRoot\System32\drivers\tcpipreg.sys
                  0xACFE1000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
                  0xACECF000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
                  0xACFF6000 \SystemRoot\system32\DRIVERS\xaudio.sys
                  0x8F1D2000 \SystemRoot\system32\DRIVERS\cdfs.sys
                  0x77CA0000 \Windows\System32\ntdll.dll

                Processes (total 93):
                       0 System Idle Process
                       4 System
                     452 C:\Windows\System32\smss.exe
                     588 csrss.exe
                     632 C:\Windows\System32\wininit.exe
                     644 csrss.exe
                     656 C:\Program Files\AVG\AVG9\avgchsvx.exe
                     680 C:\Windows\System32\winlogon.exe
                     692 C:\Program Files\AVG\AVG9\avgrsx.exe
                     764 C:\Windows\System32\services.exe
                     776 C:\Windows\System32\lsass.exe
                     796 C:\Windows\System32\lsm.exe
                     820 C:\Program Files\AVG\AVG9\avgcsrvx.exe
                     968 C:\Windows\System32\svchost.exe
                    1172 C:\Windows\System32\svchost.exe
                    1316 C:\Windows\System32\svchost.exe
                    1344 C:\Windows\System32\svchost.exe
                    1364 C:\Windows\System32\svchost.exe
                    1436 C:\Windows\System32\audiodg.exe
                    1456 C:\Windows\System32\svchost.exe
                    1472 C:\Windows\System32\SLsvc.exe
                    1508 C:\Windows\System32\svchost.exe
                    1652 C:\Windows\System32\svchost.exe
                    1944 C:\Windows\System32\spoolsv.exe
                    1972 C:\Windows\System32\svchost.exe
                     756 acs.exe
                    1124 C:\Windows\System32\svchost.exe
                    1400 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                    1428 C:\Program Files\AVG\AVG9\avgwdsvc.exe
                    1648 C:\Program Files\Bonjour\mDNSResponder.exe
                    1688 C:\Windows\System32\svchost.exe
                    1632 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
                    2500 C:\Windows\System32\taskeng.exe
                    2576 C:\Windows\System32\dwm.exe
                    2596 C:\Windows\System32\taskeng.exe
                    2764 C:\Program Files\AVG\AVG9\avgnsx.exe
                    2872 C:\Windows\explorer.exe
                    3084 C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
                    3128 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                    3140 C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
                    3348 C:\Program Files\Sony\ISB Utility\ISBMgr.exe
                    3408 C:\Windows\System32\PnkBstrA.exe
                    3432 C:\Windows\System32\PnkBstrB.exe
                    3444 C:\Windows\System32\svchost.exe
                    3464 C:\Windows\System32\PSIService.exe
                    3580 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
                    3768 C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
                    3776 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
                    3800 C:\Windows\System32\hkcmd.exe
                    3808 C:\Windows\System32\igfxpers.exe
                    3816 C:\Program Files\AVG\AVG9\avgtray.exe
                    3972 C:\Windows\System32\igfxsrvc.exe
                    4056 C:\Program Files\Parental Control Tool\utccag.exe
                    2280 C:\Program Files\Common Files\Java\Java Update\jusched.exe
                    2312 C:\Program Files\iTunes\iTunesHelper.exe
                    1284 op_mon.exe
                    2464 C:\Windows\ehome\ehtray.exe
                    2624 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
                    1252 C:\Windows\ehome\ehmsas.exe
                    2412 C:\Windows\System32\svchost.exe
                    3204 C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
                    1764 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
                    2480 C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
                    3264 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
                    3388 C:\Windows\System32\svchost.exe
                    3428 C:\Windows\System32\svchost.exe
                    3200 C:\Windows\System32\SearchIndexer.exe
                    3696 C:\Windows\System32\drivers\XAudio.exe
                    1984 WUDFHost.exe
                    3868 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
                    3152 C:\Program Files\AVG\AVG9\avgemc.exe
                    2892 C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
                    2592 igfxext.exe
                    2588 igfxsrvc.exe
                    3720 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
                    3016 C:\Program Files\AVG\AVG9\avgcsrvx.exe
                    4152 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
                    4668 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
                    4812 C:\Windows\System32\mobsync.exe
                    5716 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                    5592 C:\Program Files\iPod\bin\iPodService.exe
                    3952 C:\Windows\System32\wbem\unsecapp.exe
                    1964 WmiPrvSE.exe
                    1860 C:\Program Files\Safari\Safari.exe
                    5908 C:\Program Files\iTunes\iTunes.exe
                    3608 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
                    4704 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
                    5184 C:\Program Files\Internet Explorer\iexplore.exe
                    4844 C:\Program Files\Internet Explorer\iexplore.exe
                    6040 C:\Program Files\Internet Explorer\iexplore.exe
                    5100 C:\Program Files\Internet Explorer\iexplore.exe
                    5620 C:\Program Files\Internet Explorer\iexplore.exe
                    5748 C:\Users\Erickson\Desktop\MBRCheck.exe

                \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`05d00000  (NTFS)

                PhysicalDrive0 Model Number: HitachiHTS542525K9SA00, Rev: BBFOC3BP

                      Size  Device Name          MBR Status
                  --------------------------------------------
                    232 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
                            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


                Done!

                Dr Jay

                Re: Re-appearing Trojans
                « Reply #24 on: September 26, 2010, 01:35:42 PM »
                Please download RenewMyDNS by DragonMaster Jay.
                • Save it to your Desktop.
                • Right-click on the file and select Extract All...
                • Choose a location to save extracted files and keep pressing Next until Finish.
                • Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
                • Follow the prompts, and when finished it will launch a log.
                • Post that log in your next reply.
                • After posting the log, delete the folder RenewMyDNS.
                ~Dr Jay

                oneminuteofclarity

                  Re: Re-appearing Trojans
                  « Reply #25 on: September 28, 2010, 05:23:08 AM »
                  RenewMyDNS by DragonMaster Jay
                  DNS Diagnostics and refresher
                  Version 0.1.4 - November 2009

                  Microsoft Windows [Version 6.0.6002]
                   
                   
                  (((((((((((((((((((( Network and DNS Information ))))))))))))))))))))
                   
                   

                  Windows IP Configuration

                     Host Name . . . . . . . . . . . . : Erickson-PC
                     Primary Dns Suffix  . . . . . . . :
                     Node Type . . . . . . . . . . . . : Broadcast
                     IP Routing Enabled. . . . . . . . : No
                     WINS Proxy Enabled. . . . . . . . : No
                     DNS Suffix Search List. . . . . . : gateway.2wire.net

                  Ethernet adapter Local Area Connection:

                     Media State . . . . . . . . . . . : Media disconnected
                     Connection-specific DNS Suffix  . :
                     Description . . . . . . . . . . . : Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
                     Physical Address. . . . . . . . . : 00-1A-80-7A-36-7F
                     DHCP Enabled. . . . . . . . . . . : Yes
                     Autoconfiguration Enabled . . . . : Yes

                  Wireless LAN adapter Wireless Network Connection:

                     Connection-specific DNS Suffix  . : gateway.2wire.net
                     Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
                     Physical Address. . . . . . . . . : 00-1D-E0-4D-91-E9
                     DHCP Enabled. . . . . . . . . . . : Yes
                     Autoconfiguration Enabled . . . . : Yes
                     Link-local IPv6 Address . . . . . : fe80::685d:2900:e3ea:3d68%8(Preferred)
                     IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred)
                     Subnet Mask . . . . . . . . . . . : 255.255.255.0
                     Lease Obtained. . . . . . . . . . : Tuesday, September 28, 2010 3:55:28 AM
                     Lease Expires . . . . . . . . . . : Wednesday, September 29, 2010 3:55:32 AM
                     Default Gateway . . . . . . . . . : 192.168.1.254
                     DHCP Server . . . . . . . . . . . : 192.168.1.254
                     DHCPv6 IAID . . . . . . . . . . . : 218108904
                     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-0D-65-5B-00-1A-80-7A-36-7F
                     DNS Servers . . . . . . . . . . . : 192.168.1.254
                     NetBIOS over Tcpip. . . . . . . . : Enabled

                  Tunnel adapter Local Area Connection* 10:

                     Media State . . . . . . . . . . . : Media disconnected
                     Connection-specific DNS Suffix  . :
                     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
                     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                     DHCP Enabled. . . . . . . . . . . : No
                     Autoconfiguration Enabled . . . . : Yes

                  Tunnel adapter Local Area Connection* 30:

                     Media State . . . . . . . . . . . : Media disconnected
                     Connection-specific DNS Suffix  . :
                     Description . . . . . . . . . . . : isatap.{EC35506C-B677-4D18-B600-6F2E65C71A93}
                     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                     DHCP Enabled. . . . . . . . . . . : No
                     Autoconfiguration Enabled . . . . : Yes

                  Tunnel adapter Local Area Connection* 11:

                     Media State . . . . . . . . . . . : Media disconnected
                     Connection-specific DNS Suffix  . :
                     Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
                     Physical Address. . . . . . . . . : 02-00-54-55-4E-01
                     DHCP Enabled. . . . . . . . . . . : No
                     Autoconfiguration Enabled . . . . : Yes

                  Tunnel adapter Local Area Connection* 15:

                     Media State . . . . . . . . . . . : Media disconnected
                     Connection-specific DNS Suffix  . :
                     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
                     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                     DHCP Enabled. . . . . . . . . . . : No
                     Autoconfiguration Enabled . . . . : Yes

                  Tunnel adapter Local Area Connection* 16:

                     Media State . . . . . . . . . . . : Media disconnected
                     Connection-specific DNS Suffix  . :
                     Description . . . . . . . . . . . : 6TO4 Adapter
                     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                     DHCP Enabled. . . . . . . . . . . : No
                     Autoconfiguration Enabled . . . . : Yes

                  Tunnel adapter Local Area Connection* 20:

                     Media State . . . . . . . . . . . : Media disconnected
                     Connection-specific DNS Suffix  . :
                     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
                     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                     DHCP Enabled. . . . . . . . . . . : No
                     Autoconfiguration Enabled . . . . : Yes

                  Tunnel adapter Local Area Connection* 21:

                     Media State . . . . . . . . . . . : Media disconnected
                     Connection-specific DNS Suffix  . :
                     Description . . . . . . . . . . . : isatap.{58B02553-AABA-4F26-8771-44087050ACBA}
                     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                     DHCP Enabled. . . . . . . . . . . : No
                     Autoconfiguration Enabled . . . . : Yes

                  Tunnel adapter Local Area Connection* 9:

                     Media State . . . . . . . . . . . : Media disconnected
                     Connection-specific DNS Suffix  . : gateway.2wire.net
                     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #10
                     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                     DHCP Enabled. . . . . . . . . . . : No
                     Autoconfiguration Enabled . . . . : Yes

                  Tunnel adapter Local Area Connection* 23:

                     Media State . . . . . . . . . . . : Media disconnected
                     Connection-specific DNS Suffix  . :
                     Description . . . . . . . . . . . : 6TO4 Adapter
                     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                     DHCP Enabled. . . . . . . . . . . : No
                     Autoconfiguration Enabled . . . . : Yes

                  Tunnel adapter Local Area Connection* 24:

                     Media State . . . . . . . . . . . : Media disconnected
                     Connection-specific DNS Suffix  . :
                     Description . . . . . . . . . . . : 6TO4 Adapter
                     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                     DHCP Enabled. . . . . . . . . . . : No
                     Autoconfiguration Enabled . . . . : Yes
                   
                  (((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))
                   
                  ... Requests made were successful

                  Windows IP Configuration

                  Successfully flushed the DNS Resolver Cache.
                   
                   
                  (((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))


                  Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
                  Reply from 209.191.122.70: bytes=32 time=61ms TTL=55
                  Reply from 209.191.122.70: bytes=32 time=64ms TTL=55
                  Reply from 209.191.122.70: bytes=32 time=61ms TTL=55
                  Reply from 209.191.122.70: bytes=32 time=61ms TTL=55

                  Ping statistics for 209.191.122.70:
                      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
                  Approximate round trip times in milli-seconds:
                      Minimum = 61ms, Maximum = 64ms, Average = 61ms

                  Pinging geekpolice.net [64.202.189.170] with 32 bytes of data:
                  Reply from 64.202.189.170: bytes=32 time=106ms TTL=117
                  Reply from 64.202.189.170: bytes=32 time=97ms TTL=117
                  Reply from 64.202.189.170: bytes=32 time=97ms TTL=117
                  Reply from 64.202.189.170: bytes=32 time=98ms TTL=117

                  Ping statistics for 64.202.189.170:
                      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
                  Approximate round trip times in milli-seconds:
                      Minimum = 97ms, Maximum = 106ms, Average = 99ms

                  Pinging facebook.com [69.63.189.11] with 32 bytes of data:
                  Reply from 69.63.189.11: bytes=32 time=98ms TTL=243
                  Reply from 69.63.189.11: bytes=32 time=101ms TTL=243
                  Reply from 69.63.189.11: bytes=32 time=101ms TTL=243
                  Reply from 69.63.189.11: bytes=32 time=101ms TTL=243

                  Ping statistics for 69.63.189.11:
                      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
                  Approximate round trip times in milli-seconds:
                      Minimum = 98ms, Maximum = 101ms, Average = 100ms

                  Pinging microsoft.com [207.46.197.32] with 32 bytes of data:
                  Request timed out.
                  Request timed out.
                  Request timed out.
                  Request timed out.

                  Ping statistics for 207.46.197.32:
                      Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

                   
                  ********************
                  EOF

                  Dr Jay

                  • Malware Removal Specialist

                  Re: Re-appearing Trojans
                  « Reply #26 on: October 02, 2010, 01:49:30 PM »
                  Hello.

                  Sorry for the delay.

                  Do you have a router?
                  ~Dr Jay

                  oneminuteofclarity

                    Topic Starter


                    Rookie

                    Re: Re-appearing Trojans
                    « Reply #27 on: October 03, 2010, 08:55:40 PM »
                    No problem, we do have a router, a 2wire from AT&T.

                    We've also been getting an error after we run IE that says 'Logon process has failed to create the security options dialog -- Failure - Security Options'. The only irregular settings I know of with our IE is what AT&T told us to do with the internet which was to lower all the security options. Our computer will slow to a crawl and after a few minutes the error will pop up but we have to restart the computer to get it working again. I wasn't sure if this has anything to do with the Trojans or if I should post it in another thread.

                    oneminuteofclarity

                      Topic Starter


                      Rookie

                      Re: Re-appearing Trojans
                      « Reply #28 on: October 08, 2010, 05:44:21 AM »
                      I got IE 9 downloaded and installed and that seemed to fix our Explorer problem. I ran another set of scans and still found Trojans and Keylogger files. I also downloaded Outpost Firewall. Is this because of the quality of my anti-virus or is there another reason these keep appearing? If it could be a problem with the firewall or AV, what would you recommend getting?

                      Here are the logs for the scans:

                      SUPERAntiSpyware Scan Log
                      http://www.superantispyware.com

                      Generated 10/06/2010 at 05:25 PM

                      Application Version : 4.43.1000

                      Core Rules Database Version : 5639
                      Trace Rules Database Version: 3451

                      Scan type       : Complete Scan
                      Total Scan Time : 10:25:40

                      Memory items scanned      : 790
                      Memory threats detected   : 1
                      Registry items scanned    : 9685
                      Registry threats detected : 0
                      File items scanned        : 217624
                      File threats detected     : 7

                      Trojan.Dropper/Win-NV
                         C:\WINDOWS\SYSTEM\MPK\MPK.DLL
                         C:\WINDOWS\SYSTEM\MPK\MPK.DLL

                      Adware.Tracking Cookie
                         C:\Users\Erickson\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
                         C:\Users\Erickson\AppData\Roaming\Microsoft\Windows\Cookies\erickson@atdmt[2].txt
                         C:\Users\Erickson\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
                         C:\Users\Erickson\AppData\Roaming\Microsoft\Windows\Cookies\erickson@doubleclick[2].txt
                         C:\Users\Erickson\AppData\Roaming\Microsoft\Windows\Cookies\erickson@atdmt[1].txt
                         C:\Users\Erickson\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt


                      Malwarebytes' Anti-Malware 1.46
                      www.malwarebytes.org

                      Database version: 4761

                      Windows 6.0.6002 Service Pack 2
                      Internet Explorer 9.0.7930.16406

                      10/7/2010 9:07:00 PM
                      mbam-log-2010-10-07 (21-07-00).txt

                      Scan type: Full scan (C:\|)
                      Objects scanned: 358832
                      Time elapsed: 13 hour(s), 7 minute(s), 34 second(s)

                      Memory Processes Infected: 0
                      Memory Modules Infected: 0
                      Registry Keys Infected: 0
                      Registry Values Infected: 0
                      Registry Data Items Infected: 0
                      Folders Infected: 0
                      Files Infected: 9

                      Memory Processes Infected:
                      (No malicious items detected)

                      Memory Modules Infected:
                      (No malicious items detected)

                      Registry Keys Infected:
                      (No malicious items detected)

                      Registry Values Infected:
                      (No malicious items detected)

                      Registry Data Items Infected:
                      (No malicious items detected)

                      Folders Infected:
                      (No malicious items detected)

                      Files Infected:
                      C:\ProgramData\MPK\1\I40458_7696806250 (Refog.Keylogger) -> Quarantined and deleted successfully.
                      C:\ProgramData\MPK\1\I40458_7731527315 (Refog.Keylogger) -> Quarantined and deleted successfully.
                      C:\ProgramData\MPK\1\I40458_7905131250 (Refog.Keylogger) -> Quarantined and deleted successfully.
                      C:\ProgramData\MPK\1\I40458_7939852199 (Refog.Keylogger) -> Quarantined and deleted successfully.
                      C:\ProgramData\MPK\1\I40458_7974573264 (Refog.Keylogger) -> Quarantined and deleted successfully.
                      C:\ProgramData\MPK\1\I40458_8009294444 (Refog.Keylogger) -> Quarantined and deleted successfully.
                      C:\ProgramData\MPK\1\I40458_8044014815 (Refog.Keylogger) -> Quarantined and deleted successfully.
                      C:\ProgramData\MPK\1\I40458_8078735880 (Refog.Keylogger) -> Quarantined and deleted successfully.
                      C:\ProgramData\MPK\1\I40458_8113456482 (Refog.Keylogger) -> Quarantined and deleted successfully.


                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 6:40:48 AM, on 10/8/2010
                      Platform: Windows Vista SP2 (WinNT 6.00.1906)
                      MSIE: Internet Explorer v9.00 (9.00.7930.16406)
                      Boot mode: Normal

                      Running processes:
                      C:\Windows\system32\taskeng.exe
                      C:\Windows\system32\Dwm.exe
                      C:\Windows\Explorer.EXE
                      C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
                      C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
                      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                      C:\Program Files\Sony\ISB Utility\ISBMgr.exe
                      C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
                      C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
                      C:\Windows\System32\hkcmd.exe
                      C:\Windows\System32\igfxpers.exe
                      C:\Program Files\AVG\AVG9\avgtray.exe
                      C:\Program Files\Common Files\Java\Java Update\jusched.exe
                      C:\Windows\system32\igfxsrvc.exe
                      C:\Program Files\iTunes\iTunesHelper.exe
                      C:\Windows\system32\wbem\unsecapp.exe
                      C:\Windows\ehome\ehtray.exe
                      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
                      C:\Windows\ehome\ehmsas.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Windows\System32\mobsync.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Program Files\iTunes\iTunes.exe
                      C:\Program Files\Trend Micro\Sniper\HijackThis.exe
                      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                      C:\Windows\system32\SearchFilterHost.exe
                      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
                      C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
                      C:\Windows\system32\SearchProtocolHost.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
                      F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Windows\system\MPK\mpk.exe,
                      O1 - Hosts: 209.191.122.70
                      O1 - Hosts: ::1 localhost
                      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
                      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
                      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
                      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
                      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
                      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
                      O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
                      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
                      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
                      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                      O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
                      O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
                      O4 - HKLM\..\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe"
                      O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
                      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
                      O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe"
                      O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
                      O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
                      O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
                      O4 - HKLM\..\Run: [AVG9_TRAY] "C:\PROGRA~1\AVG\AVG9\avgtray.exe"
                      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
                      O4 - HKLM\..\Run: [1utccag.exe] "C:\Program Files\Parental Control Tool\utccag.exe"
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
                      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                      O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
                      O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
                      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                      O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
                      O4 - Global Startup: Bluetooth.lnk = ?
                      O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
                      O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                      O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                      O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
                      O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                      O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
                      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
                      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
                      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
                      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
                      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                      O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
                      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
                      O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
                      O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll c:\windows\system32\avgrsstx.dll
                      O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
                      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                      O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
                      O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
                      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                      O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
                      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                      O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
                      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
                      O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
                      O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
                      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
                      O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
                      O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
                      O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
                      O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
                      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
                      O23 - Service: U - Unknown owner - C (file missing)
                      O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
                      O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
                      O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
                      O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
                      O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
                      O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
                      O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
                      O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
                      O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
                      O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
                      O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
                      O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
                      O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
                      O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
                      O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
                      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
                      O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

                      --
                      End of file - 15002 bytes


                      Thanks!
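An added example, not part of the thread and not code from HijackThis or any of the scanners: a small triage script that reads HijackThis entry lines like those in the log above and flags the ones worth a closer look, most notably an `F2` UserInit value that starts a second program from a folder the scanners also reported. The sample lines are copied from the post; the function names, the severity labels and the assumption that Windows is installed on `C:` are this example's own.

```python
import ntpath
import re

# Constructed sample: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Windows\system\MPK\mpk.exe,
O1 - Hosts: 209.191.122.70
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: U - Unknown owner - C (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Paths the two scanners reported in the same post (one per detection name).
SCANNER_HITS = [
    r"C:\WINDOWS\SYSTEM\MPK\MPK.DLL",
    r"C:\ProgramData\MPK\1\I40458_7696806250",
]

LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# Assumption: Windows lives on C:. The stock value is this path followed by a comma.
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"
LOOPBACK = {"127.0.0.1", "::1"}


def parse(log_text):
    """Yield (section, body) for every HijackThis entry line, e.g. ("F2", "REG:...")."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2)


def userinit_extras(body):
    """Return programs listed in a UserInit= value other than the stock userinit.exe."""
    if "userinit=" not in body.lower():
        return []
    value = body.split("=", 1)[1]
    entries = [e.strip().strip('"') for e in value.split(",") if e.strip()]
    return [e for e in entries if ntpath.normcase(e) != STOCK_USERINIT]


def shares_folder(path, scanner_hits):
    """True if the program's parent folder name is a folder in a scanner-reported path."""
    folder = ntpath.basename(ntpath.dirname(path)).lower()
    if not folder:
        return False
    for hit in scanner_hits:
        parts = ntpath.normcase(hit).split("\\")
        if folder in parts[:-1]:  # compare against folders only, not the file name
            return True
    return False


def triage(log_text, scanner_hits=()):
    """Return (severity, section, detail) tuples in log order."""
    findings, seen = [], set()
    for section, body in parse(log_text):
        if (section, body) in seen:  # HijackThis repeats some lines (O10 above)
            continue
        seen.add((section, body))
        if section == "F2":
            for exe in userinit_extras(body):
                hit = shares_folder(exe, scanner_hits)
                note = " (folder also reported by a scanner)" if hit else ""
                findings.append(("high" if hit else "medium", section,
                                 f"UserInit also starts {exe}{note}"))
        elif section == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if fields and not (fields[0] in LOOPBACK and fields[1:] == ["localhost"]):
                findings.append(("review", section,
                                 f"hosts entry {' '.join(fields)!r} is not a localhost mapping"))
        elif section == "O10" and body.lower().startswith("unknown file in winsock lsp"):
            findings.append(("review", section,
                             "LSP file HijackThis could not identify; verify its publisher"))
        elif MISSING_RE.search(body):
            findings.append(("review", section, f"entry points at a missing file: {body}"))
    return findings


if __name__ == "__main__":
    for severity, section, detail in triage(SAMPLE_LOG, SCANNER_HITS):
        print(f"{severity:6} {section:4} {detail}")
```

In the log above the Malwarebytes run deleted files under `C:\ProgramData\MPK\1\`, while the later HijackThis log still lists `mpk.exe` in the UserInit value; that mismatch is what the "high" line surfaces.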

                      Dr Jay

                      • Malware Removal Specialist

                      Re: Re-appearing Trojans
                      « Reply #29 on: October 09, 2010, 03:13:18 PM »
                      My apologies.

                      Let's begin by opening up Internet Explorer, and go to the following address:

                      http://192.168.1.1

                      If that does not display a blank page with a password prompt, then try this one:

                      http://192.168.2.1


                      Once you get the password prompt, enter your password if you selected one; otherwise, enter admin into the password box.

                      Once you confirm that, you shall see the router configuration screen.



                      Please list for me the values included in the boxes similarly named:

                      -Internet Connection type
                      -Local IP address
                      -Static DNS 1
                      -Static DNS 2
                      -Static DNS 3
                      -IP Address Range
                      -Host name
                      -Domain name


                      If some of those you cannot find, then let me know which ones you could not find.

                      After I know this information, I will tell you how to proceed after this.
                      ~Dr Jay