
Inactive Malware Removal Logs for Review

Discussion in 'Malware and Virus Removal Archive' started by Blast Dragon, 2011/05/15.

Thread Status:
Not open for further replies.
  1. 2011/05/15
    Blast Dragon Inactive Thread Starter


    So, I read and followed the instructions in the "Read Before Posting" thread at the top; and as far as I know I'm clean. I just need somebody to check the logs and make sure of it. Any help would be greatly appreciated.

    Here's the Malwarebytes Log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6584

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    15/05/2011 8:41:32 AM
    mbam-log-2011-05-15 (08-41-32).txt

    Scan type: Quick scan
    Objects scanned: 162807
    Time elapsed: 3 minute(s), 7 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 1
    Registry Keys Infected: 139
    Registry Values Infected: 9
    Registry Data Items Infected: 0
    Folders Infected: 15
    Files Infected: 72

    Memory Processes Infected:
    c:\program files (x86)\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> 3204 -> Unloaded process successfully.

    Memory Modules Infected:
    c:\program files (x86)\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.

    Registry Keys Infected:

    Registry Values Infected:

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:

    Files Infected:
    c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
    c:\Windows\SysWOW64\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.

    I'll be posting the other logs shortly. They won't all fit in one post. Thanks again!
     
  2. 2011/05/15
    Blast Dragon

    Here's the GMER Log:

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-15 09:26:02
    Windows 6.1.7600
    Running: jejvq2in.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export ????el??????????24??????\\?\Root#*6TO4MP#0043#{cac88484-7515-4c03-82e6-71a87abac361}?B???????????????????t???h????????????????????N???????????D?|????????????????V??e0??????????????????????????Root\*6TO4MP\0077?????z???????????????????:??????9?g47??v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|?PI.dll,-32752|????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe|Name=McAfee Shared Service Host|???????????????????????\\?\Root#*6TO4MP#0226#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{A92BAFE2-03F0-429D-9932-3886367F04B2}?????\\?\Root#*6TO4MP#0227#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{FA5E6972-F271-450C-8F8F-DB547D3C9FF3}?BA????z??????????????????????k??????????? ????????????????????????????$?????????????? ??Root\*6TO4MP\0076???6-21-20
    Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind ???`?????????k???????????????????y???????????????y???????r???????m??system32\drivers\HTTP.sys????????h???n??2???*6to4mp??0??system32\DRIVERS\hidusb.sys?\hidusb.sys???????4??r????????h?????Net?????tunnel?(????????????????????????????tunnel?ft?????P??r?????????e???????r?????r???r??????????????? ???????n?????r?????r????????$???n????x????@%systemroot%\system32\fxsresm.dll,-118???????????????????????????B??r????????h?????%systemroot%\system32\fxssvc.exe????????????????t?????????????????????P??r?????????n????@%systemroot%\system32\fxsresm.dll,-122??????????r???+????????@??r???????????e??TapiSrv?RpcSs?PlugPlay?Spooler??????? 8??r??????????????NT AUTHORITY\NetworkService???????,??r???+???????+???????????????????????????r??????????????????SeAssignPrimaryTokenPrivilege?SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege?SeIncreaseQuotaPrivilege???????r?r?r?r?r?r?r?r?r?r?r??????????????????????????? ???????r???????????r?????????????????????????????????p?????????????(??????P??????????
    Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route ???d?????????y??????????????t???????????????tunnel??????????????????????LegacyDriver????? ???????????????????????h???-???????.??Microsoft???????????????PlugPlay????????????t????O???????????t???????????e???????????????????[???a???e??*6to4mp?????????????TDI?????? ???????t?????t?????????????????????????s???????t??????????????? ???????t???????????k????????(???????1??????????????????????t???????????????????????????{?{1???? ???????t???????????\????????(?>??????1??????X??????y???t???????????????????????t???????????t?t1????t??? ???????t???????????p????????(????????????????????????????????????????????????????????t1????t?t?t?t????? ???????t???????????t?,??????(?????????????????????????????????????????????????????? ???????t???????????l????????(???????6?????????????????????????????????C????t?g???????????????t1??t???t???t???t6??t????????? ???????t?????t?????a????????(?????????????? ???????t???????????t????????B???????1??????!????????????????????????e????????????????????????????e???????????????????????????????????????????
    Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export ???t?u???????p???y??O2Micro??????????????8??th??oem17.inf???@%SystemRoot%\system32\drivers\netbt.sys,-1??????????u????????????????????????????????:??t????????h??????t?t?t?t?t?t?t???????????9??*6to4mp?????? ???????t???????????o???????????????????e??11???????????y???????????????????????y???????p???y???????u??text?|??????*6to4mp??z???????y???????y???????y????`??t?????????n????Performance Counters for Windows Driver?????system32\drivers\peauth.sys?????system32\DRIVERS\point64.sys??????J????????????e????System32\DRIVERS\srv.sys????????t???11?Hlp??Net?????????????????????*6to4mp?????????????????????????????p8???????????????p??????????????????????????????????????????????????????? ???????t???????????j?????????????? ??????????????????????g???????t???t????? ???????n?????t?????t?9????????X???????T?????2???????????h????????????????????????????????????????????????????????????????????????t????Net??y??tunnel???????????????????????y??????ou???????????????????????????????????????/??????????6.0.2.2????????????????????????????
    Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind ???h?s??? ????????????????????N??d??????????? ??*6to4mp??&??????????????&d???????????????????????????0???????e??tunnel????????6??`?????????n[????`?`?`??%SystemRoot%\System32\LogFiles\AIT\AitEventLog.etl??????*6to4mp?????? ???????`???????????`???????? "?J???$???????????????????????Default Connection Handler??]???Default Connection Handler??`?????J??`??????D???2be8bdbb-be09-499d-9a4b-4637e09ae00b??????????????????????n?????? ?????? a???????????`?,?????? "?H???$????????????????????????????????,???????,??? ???????,???????-???????????,?????????,?,????H??`???,???,??Media Center Entertainment Terminal??,???`?`?`?`\x???????`???????????y???????????????????????????????????????????????????????????????? ??????????? ??????????????????????`???????????y???????????????????????????????????????????????????????????????? ??????????? ?????????????????? ???????a????????O??`????????8?$??????????????????????????????????????????????????em????????????????????????????????????????s??rdpwsx?,?,?????????????????????????????????????????ms??
    Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route ???o??????4??o??????????????????????????????????????tunnel??30??Net?????RPCSS???????? ???????n???????????n??????????R???????????11???????:?n?n?n?t??tunnel???e??*6to4mp???????,??s?????????e????Net??????????p???????o??????e???system32\DRIVERS\cdrom.sys?S\cdrom.sys????????R??o???????????d???????????????????????????????????????????????s??????????????.4??? ???????o?????o?????o?????????????? ????????????????????????e????????????5?????????????????t??????o?????o????????????????????????????????????????N??o????????h?????\SystemRoot\system32\DRIVERS\amdk8.sys????????0??o?????????e????AMD K8 Processor Driver??????????o??????p???Extended Base????o?o?o?o?o?o?o????N??o???????????d??cpu.inf_amd64_neutral_ae5de2e1bf2793c3??????? ???????n???????????o??????????P???????????????????????t?????????????????????????????????????????P??o????????h?????\SystemRoot\system32\DRIVERS\amdppm.sys???????*??o?????????e????AMD Processor Driver?????????o??????p???Extended Base????o?o?o?o?o?o?o????N??o???????????d??cpu.inf_amd64_neutral_ae5de2e1b
    Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export ???s?u??????????????????????11??????? ???????n??????????????????????:????????g???????3????????????0??s?????????e??????<???????????h?????*6to4mp??2???????u??????????????????????M????a?????????sn*??Kernel Streaming Thunks??????????p???y??????????????????p???????????????? ???????n??????????????????????R????????k??tunnel???????????f???0?????????|????????????*6to4mp?????%SystemRoot%\system32\srvsvc.dll????????????tunnel?8AA??????????????????????FSFilter Virtualization?????????????????????????????????????????????????????????? ???????n?????s?????s????????@?????????m?????$??s?????????e????@comres.dll,-2946????????s????????h?????%SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation?????$??s?????????n????@comres.dll,-2947???? 8??s??????????????NT AUTHORITY\NetworkService??????????????????????????????????????????????s?????????????? ????????????????s???????????e??RPCSS?SamSS???????,??s????????????????????????????????????2??s??????????????????SeChangeNotifyPrivilege?????? F??s???????????????s??? ?????????

    ---- EOF - GMER 1.0.15 ----
     

  4. 2011/05/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================

    I still need other logs.
     