Laptop multple issue.

[ken545]

Hi,

I see destop.ini was removed, it may have been infected,

Go here and post the results
C:\Qoobox\ComboFix-quarantined-files.txt:


You can also try this

Go to Start> Run and type in regedit

Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer

if there's a value "NoDesktop" with a data value of 1

either delete the value,or change the data value from 1 to 0


Try this, post the log from the quarantine file . There is still more to remove

[rngrgreen]

I checked registry key as suggested the is no item saying nodesktop I have defualt, Value not set, BindDirectlyToPropertySetStorage value 0, and NoDrives value 0


2010-12-11 03:47:50 . 2010-12-11 03:47:50 860 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Sparkplayer (Beta).reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 1,860 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-NCsoft-Aion.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 554 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-LuminaRO Lite Setup 2010-09-12.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 450 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-heRO.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 732 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-AikaOnline.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 1,872 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 1,858 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Tetris Game for Windows_is1.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 754 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-storm2.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 650 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Mabinogi.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 1,718 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Ad-Aware.reg.dat
2010-12-11 03:47:50 . 2010-12-11 03:47:50 1,576 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Activation Assistant for the 2007 Microsoft Office suites.reg.dat
2010-12-11 03:47:39 . 2010-12-11 03:47:39 1,176 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-UpdatePSTShortCut.reg.dat
2010-12-11 03:47:39 . 2010-12-11 03:47:39 1,208 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-UpdatePDIRShortCut.reg.dat
2010-12-11 03:47:39 . 2010-12-11 03:47:39 1,178 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-UpdateP2GoShortCut.reg.dat
2010-12-11 03:47:39 . 2010-12-11 03:47:39 868 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Steam.reg.dat
2010-12-11 03:47:38 . 2010-12-11 03:47:38 916 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Ptovuj.reg.dat
2010-12-11 03:47:38 . 2010-12-11 03:47:38 862 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AVG8_TRAY.reg.dat
2010-12-11 03:47:37 . 2010-12-11 03:47:37 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-Wdf01000.sys.reg.dat
2010-12-11 03:47:31 . 2010-12-11 03:47:31 103 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-DriverMax_RESTART.reg.dat
2010-12-11 03:47:31 . 2010-12-11 03:47:31 95 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-DriverMax.reg.dat
2010-12-11 03:47:31 . 2010-12-11 03:47:31 101 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-PlayNC Launcher.reg.dat
2010-12-11 03:47:31 . 2010-12-11 03:47:31 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2010-12-11 03:47:31 . 2010-12-11 03:47:31 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}.reg.dat
2010-12-11 03:47:30 . 2010-12-11 03:47:30 116 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2010-12-11 03:37:06 . 2010-12-11 03:37:06 202 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ccosm.reg.dat
2010-12-11 03:35:53 . 2010-12-11 03:35:53 1,506 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_monitor.reg.dat
2010-12-11 03:35:30 . 2010-12-11 03:35:30 9,255 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-12-11 03:24:35 . 2010-12-11 03:29:07 62 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-06-11 23:42:29 . 2010-11-30 03:08:18 7,950 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\stcon.ini.vir
2010-05-17 19:07:31 . 2010-05-17 19:07:32 79,726 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\uninst.exe.vir
2008-10-06 09:03:26 . 2008-10-06 09:03:26 450,560 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bsrsrc.ax.vir
2008-10-06 09:03:16 . 2008-10-06 09:03:16 712,704 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\BsrVideoDec.ax.vir
2008-09-22 10:26:52 . 2008-09-22 10:26:52 11,736 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\mee.db.vir
2008-09-22 08:36:00 . 2008-09-22 08:36:00 217,088 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\yv12vfw.dll.vir
2008-09-17 07:51:32 . 2008-09-17 07:51:32 28,051 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\current.ecs.vir
2008-09-11 00:38:30 . 2008-09-11 00:38:30 143,360 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HBGKSrc.ax.vir
2008-09-11 00:37:36 . 2008-09-11 00:37:36 118,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HBGKDec.ax.vir
2008-06-25 03:02:08 . 2008-06-25 03:02:08 35,752 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\sprobe.dll.vir
2008-05-06 03:27:18 . 2008-05-06 03:27:18 364,544 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\AviSplitter.ax.vir
2008-04-28 09:33:36 . 2008-04-28 09:33:36 102,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\MovieInfo.dll.vir
2008-04-28 07:40:18 . 2008-04-28 07:40:18 118,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\rndrmgr.dll.vir
2008-04-25 10:22:18 . 2008-04-25 10:22:18 970,752 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\mps.dll.vir
2008-04-18 11:33:54 . 2008-04-18 11:33:54 425,984 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\splayers.dll.vir
2008-04-15 09:06:46 . 2008-04-15 09:06:46 197,120 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\coreavc.ax.vir
2008-04-09 04:33:28 . 2008-04-09 04:33:28 86,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vc1wp.ax.vir
2008-03-29 15:42:30 . 2008-03-29 15:42:30 536,576 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\splitter.ax.vir
2008-03-29 15:42:08 . 2008-03-29 15:42:08 148,992 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mkx.dll.vir
2008-03-29 15:42:04 . 2008-03-29 15:42:04 141,312 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mp4.dll.vir
2008-03-29 15:42:00 . 2008-03-29 15:42:00 163,840 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ts.dll.vir
2008-03-29 15:41:52 . 2008-03-29 15:41:52 23,552 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mkunicode.dll.vir
2008-03-29 15:41:52 . 2008-03-29 15:41:52 79,360 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mkzlib.dll.vir
2008-03-25 12:58:52 . 2008-03-25 12:58:52 232,103 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Skin\¼ûÁúж¼×.zip.vir
2008-03-25 07:11:02 . 2008-03-25 07:11:02 1,030,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\subdecoder.dll.vir
2008-03-25 03:24:00 . 2008-03-25 03:24:00 438,272 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\RMSplt.ax.vir
2008-03-25 02:32:42 . 2008-03-25 02:32:42 2,991,488 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Flash.ocx.vir
2008-03-20 11:16:38 . 2008-03-20 11:16:38 439,592 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\NDParser.ax.vir
2008-03-20 10:54:28 . 2008-03-20 10:54:28 288,040 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\NeMP4Splitter.ax.vir
2008-03-11 06:33:58 . 2008-03-11 06:33:58 473,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\stormliv.exe.vir
2008-03-10 12:26:50 . 2008-03-10 12:26:50 174 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vssver2.scc.vir
2008-03-05 12:13:20 . 2008-03-05 12:13:20 520,192 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\CLNavX.ax.vir
2008-03-05 12:13:20 . 2008-03-05 12:13:20 516,096 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\clvsdx.ax.vir
2008-03-02 10:09:24 . 2008-03-02 10:09:24 2,138,112 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mpcvideodec.ax.vir
2008-02-21 09:34:14 . 2008-02-21 09:34:14 245,760 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_TomsMoComp.dll.vir
2008-02-21 09:33:54 . 2008-02-21 09:33:54 344,064 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_kernelDeint.dll.vir
2008-02-21 09:33:46 . 2008-02-21 09:33:46 532,480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_xvidcore.dll.vir
2008-02-21 09:33:22 . 2008-02-21 09:33:22 143,360 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libmplayer.dll.vir
2008-02-21 09:33:12 . 2008-02-21 09:33:12 1,695,744 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libavcodec.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 2,404,352 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ffdshow.ax.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 40,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_liba52.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 155,648 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libdts.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 245,760 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libfaad2.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 118,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libmad.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 114,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libmpeg2.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 97,280 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_realaac.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 122,880 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_samplerate.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 143,360 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_theora.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 81,408 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_tremor.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 38,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_unrar.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 26,624 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_wmv9.dll.vir
2008-02-21 09:32:32 . 2008-02-21 09:32:32 8,192 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\FLT_ffdshow.dll.vir
2008-02-21 09:16:34 . 2008-02-21 09:16:34 94,208 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ffsource.ax.vir
2008-02-21 09:06:50 . 2008-02-21 09:06:50 5,484,571 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\avcodec.dll.vir
2008-02-21 09:06:50 . 2008-02-21 09:06:50 621,974 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\avformat.dll.vir
2008-02-21 09:06:50 . 2008-02-21 09:06:50 52,080 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\avutil.dll.vir
2008-02-20 09:19:50 . 2008-02-20 09:19:50 24,576 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ffmpeg.dll.vir
2008-02-16 08:17:16 . 2008-02-16 08:17:16 409,600 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\FLVSplitter.ax.vir
2008-02-01 09:24:04 . 2008-02-01 09:24:04 983,116 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\CLVc1Dec.ax.vir
2008-02-01 09:24:04 . 2008-02-01 09:24:04 462,921 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vc1dsse.dll.vir
2008-02-01 09:24:04 . 2008-02-01 09:24:04 450,635 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vc1dsse2.dll.vir
2008-02-01 09:24:02 . 2008-02-01 09:24:02 487,491 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vc1dc.dll.vir
2008-02-01 09:24:02 . 2008-02-01 09:24:02 487,497 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vc1dmmx.dll.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 323,584 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeEssentials.qtx.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 3,502,080 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeH264.qtx.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 933,888 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeInternetExtras.qtx.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 348,160 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeMPEG4.qtx.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 507,904 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeMusic.qtx.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 868,352 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeStreaming.qtx.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 163,840 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeStreamingExtras.qtx.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 876,544 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeVR.qtx.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 233,984 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeEssentials.Resources\QuickTimeEssentials.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 13,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeEssentials.Resources\en.lproj\QuickTimeEssentialsLocalized.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 4,096 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeH264.Resources\QuickTimeH264.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 3,584 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeH264.Resources\en.lproj\QuickTimeH264Localized.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 18,432 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeInternetExtras.Resources\QuickTimeInternetExtras.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 160,768 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeInternetExtras.Resources\en.lproj\QuickTimeInternetExtrasLocalized.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 4,608 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeMPEG4.Resources\QuickTimeMPEG4.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 5,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeMPEG4.Resources\en.lproj\QuickTimeMPEG4Localized.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 30,208 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeMusic.Resources\QuickTimeMusic.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 40,448 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeMusic.Resources\en.lproj\QuickTimeMusicLocalized.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 28,160 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeStreaming.Resources\QuickTimeStreaming.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 53,248 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.dll.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 57,856 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 5,120 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeStreamingExtras.Resources\QuickTimeStreamingExtras.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 4,608 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeStreamingExtras.Resources\en.lproj\QuickTimeStreamingExtrasLocalized.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 18,432 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeVR.Resources\QuickTimeVR.qtr.vir
2008-01-31 15:13:08 . 2008-01-31 15:13:08 29,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeVR.Resources\en.lproj\QuickTimeVRLocalized.qtr.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 16,084,992 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime.qts.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 352,256 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime3GPP.qtx.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 2,637,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeAudioSupport.qtx.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 73,728 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime.Resources\QuickTime.dll.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 243,200 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime.Resources\QuickTime.qtr.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 77,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 158,720 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.qtr.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 5,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime3GPP.Resources\QuickTime3GPP.qtr.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 8,704 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime3GPP.Resources\en.lproj\QuickTime3GPPLocalized.qtr.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 8,192 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeAudioSupport.Resources\QuickTimeAudioSupport.qtr.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 69,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.dll.vir
2008-01-31 15:13:06 . 2008-01-31 15:13:06 9,216 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.qtr.vir
2008-01-31 15:13:04 . 2008-01-31 15:13:04 377,040 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\CFCharacterSetBitmaps.bitmap.vir
2008-01-31 15:13:04 . 2008-01-31 15:13:04 323,584 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\CoreVideo.qtx.vir
2008-01-31 15:13:04 . 2008-01-31 15:13:04 3,584 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\CoreVideo.Resources\CoreVideo.qtr.vir
2008-01-31 15:13:04 . 2008-01-31 15:13:04 3,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\CoreVideo.Resources\en.lproj\CoreVideoLocalized.qtr.vir
2008-01-31 15:12:04 . 2008-01-31 15:12:04 65,508 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QTSystem\QuickTime.Resources\QuickTime.qtxs.vir
2008-01-30 13:17:34 . 2008-01-30 13:17:34 877,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\CLVSD.ax.vir
2008-01-30 13:16:46 . 2008-01-30 13:16:46 492,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\cl264dec.ax.vir
2008-01-30 13:16:14 . 2008-01-30 13:16:14 91,488 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\pthreadVC2.dll.vir
2008-01-30 13:16:06 . 2008-01-30 13:16:06 836,976 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\264dsse2.dll.vir
2008-01-30 13:16:06 . 2008-01-30 13:16:06 845,168 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\264dsse3.dll.vir
2008-01-30 13:16:04 . 2008-01-30 13:16:04 726,384 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\264dsse.dll.vir
2008-01-30 13:16:02 . 2008-01-30 13:16:02 730,480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\264dmmx.dll.vir
2008-01-30 13:16:00 . 2008-01-30 13:16:00 775,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\264be.dll.vir
2008-01-18 09:38:38 . 2008-01-18 09:38:38 253,952 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\LMVRGBxf.dll.vir
2008-01-18 09:38:38 . 2008-01-18 09:38:38 131,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\LMVYUVxf.dll.vir
2008-01-18 04:44:46 . 2008-01-18 04:44:46 258,048 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mmamrdmx.ax.vir
2008-01-15 06:44:42 . 2008-01-15 06:44:42 2,928,640 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\scmpack.dll.vir
2007-12-24 08:55:00 . 2007-12-24 08:55:00 69,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\CUVCcodc.dll.vir
2007-12-19 14:29:50 . 2010-11-30 03:05:57 23 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\others.xml.ini.vir
2007-12-19 14:29:50 . 2010-11-30 03:05:57 601 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\others.xml.vir
2007-12-19 14:29:50 . 2010-11-30 03:05:57 45 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\toff.ini.vir
2007-12-19 14:29:50 . 2010-11-30 03:05:56 23 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\video_material_list.xml.ini.vir
2007-12-19 14:29:50 . 2010-11-30 03:05:56 57 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\video_material_list.xml.vir
2007-12-19 14:29:50 . 2010-11-30 03:05:56 23 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\video_style_list.xml.ini.vir
2007-12-19 14:29:50 . 2010-11-30 03:05:56 5,890 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\video_style_list.xml.vir
2007-12-17 06:44:30 . 2007-12-17 06:44:30 641,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\StormRes.dll.vir
2007-12-13 04:41:52 . 2007-12-13 04:41:52 64,424 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\stormply.exe.vir
2007-12-13 04:41:50 . 2007-12-13 04:41:50 289,712 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Media2.dll.vir
2007-12-13 04:41:50 . 2007-12-13 04:41:50 35,760 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\score.dll.vir
2007-12-13 04:41:50 . 2007-12-13 04:41:50 27,560 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\sexpert.dll.vir
2007-12-13 04:41:50 . 2007-12-13 04:41:50 72,680 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\spfa.dll.vir
2007-12-10 04:50:42 . 2007-12-10 04:50:42 245,760 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\TomsMoComp_ff.dll.vir
2007-12-10 04:49:52 . 2007-12-10 04:49:52 143,360 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\libmplayer.dll.vir
2007-12-10 04:49:42 . 2007-12-10 04:49:42 1,626,112 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\libavcodec.dll.vir
2007-12-10 04:49:06 . 2007-12-10 04:49:06 114,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\libmpeg2_ff.dll.vir
2007-12-04 11:19:22 . 2007-12-04 11:19:22 630,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\divxdec.ax.vir
2007-11-27 09:39:24 . 2007-11-27 09:39:24 57,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HikFileSource.ax.vir
2007-11-27 08:10:10 . 2007-11-27 08:10:10 69,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HikVideoDec.ax.vir
2007-11-19 04:40:12 . 2007-11-19 04:40:12 507,904 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\MP4Splitter.ax.vir
2007-11-16 03:12:18 . 2007-11-16 03:12:18 61,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HikFileSplitter.ax.vir
2007-11-08 08:02:26 . 2007-11-08 08:02:26 77,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HikAudioDec.ax.vir
2007-11-05 02:20:32 . 2007-11-05 02:20:32 90,112 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HIKM4DEC.dll.vir
2007-11-05 02:17:34 . 2007-11-05 02:17:34 184,320 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\H264VDEC.dll.vir
2007-11-02 08:55:18 . 2007-11-02 08:55:18 962,560 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\empgdmx.ax.vir
2007-10-25 06:47:14 . 2007-10-25 06:47:14 577,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ac3filter.ax.vir
2007-10-10 04:26:08 . 2007-10-10 04:26:08 86,031 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Skin\±©·ç1¾*µä.zip.vir
2007-10-10 04:26:08 . 2007-10-10 04:26:08 108,064 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Skin\±©·ç2¾*µä.zip.vir
2007-09-21 11:43:12 . 2007-09-21 11:43:12 720,935 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\def\def.flv.vir
2007-09-21 11:43:10 . 2007-09-21 11:43:10 36 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\empty.swf.vir
2007-09-21 11:43:10 . 2007-09-21 11:43:10 119,335 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\media4in1.swf.vir
2007-09-21 11:43:10 . 2007-09-21 11:43:10 117,683 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\mediabp.swf.vir
2007-09-21 11:43:10 . 2007-09-21 11:43:10 95 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\def\def.ini.vir
2007-09-21 11:43:08 . 2007-09-21 11:43:08 450,560 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\jscript.dll.vir
2007-09-21 11:43:08 . 2007-09-21 11:43:08 102,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\msscript.ocx.vir
2007-09-21 11:43:08 . 2007-09-21 11:43:08 413,696 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\msvcp60.dll.vir
2007-08-27 08:30:18 . 2007-08-27 08:30:18 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\BSPVDEC.dll.vir
2007-08-27 08:30:18 . 2007-08-27 08:30:18 110,592 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Mp3Decdll.dll.vir
2007-08-08 03:45:34 . 2007-08-08 03:45:34 581,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\nvviddec.ax.vir
2007-07-19 08:59:02 . 2007-07-19 08:59:02 326,392 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\SonicLicenseManager9.dll.vir
2007-07-11 04:03:04 . 2007-07-11 04:03:04 547 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ffdshow.ax.manifest.vir
2007-07-04 21:33:22 . 2007-07-04 21:33:22 892,928 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\iconv.dll.vir
2007-06-28 10:55:18 . 2007-06-28 10:55:18 77,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\xvid.ax.vir
2007-06-28 10:52:18 . 2007-06-28 10:52:18 765,952 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\xvidcore.dll.vir
2007-06-25 03:27:58 . 2007-06-25 03:27:58 290,816 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ChpSrcFilter.ax.vir
2007-06-13 07:48:50 . 2007-06-13 07:48:50 895,736 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\wmvdmod.dll.vir
2007-06-13 07:48:34 . 2007-06-13 07:48:34 396,528 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\WMADMOD.dll.vir
2007-06-10 22:43:40 . 2007-06-10 22:43:40 230,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\DCBassSource.ax.vir
2007-06-04 07:43:42 . 2007-06-04 07:43:42 1,583,864 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\CinemasterAudio.DLL.vir
2007-05-07 14:32:42 . 2007-05-07 14:32:42 352,256 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\DSMSplitter.ax.vir
2007-04-21 06:43:42 . 2007-04-21 06:43:42 356,864 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\MpegSplitter.ax.vir
2007-03-30 09:52:18 . 2007-03-30 09:52:18 241,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\PmpSplt.ax.vir
2007-03-09 20:58:36 . 2007-03-09 20:58:36 163,840 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\kdh4.dll.vir
2007-03-09 20:58:36 . 2007-03-09 20:58:36 217,088 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\kdm4.dll.vir
2007-02-01 23:19:48 . 2007-02-01 23:19:48 92,728 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass.dll.vir
2007-02-01 23:19:48 . 2007-02-01 23:19:48 150,520 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_aac.dll.vir
2007-02-01 23:19:48 . 2007-02-01 23:19:48 12,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_alac.dll.vir
2007-02-01 23:19:48 . 2007-02-01 23:19:48 33,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_ape.dll.vir
2007-02-01 23:19:48 . 2007-02-01 23:19:48 23,616 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_flac.dll.vir
2007-02-01 23:19:48 . 2007-02-01 23:19:48 18,888 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_mpc.dll.vir
2007-02-01 23:19:48 . 2007-02-01 23:19:48 8,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_tta.dll.vir
2007-02-01 23:19:48 . 2007-02-01 23:19:48 28,088 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_wv.dll.vir
2006-11-14 18:56:12 . 2006-11-14 18:56:12 102,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\tsccvid.dll.vir
2006-11-02 12:34:46 . 2006-11-02 12:34:46 84,480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\MP3DMOD.DLL.vir
2006-10-26 11:52:34 . 2006-10-26 11:52:34 40,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\frapsvid.dll.vir
2006-10-19 03:04:42 . 2006-10-19 03:04:42 565,248 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\rpplugins\embd3260.dll.vir
2006-10-18 15:05:34 . 2006-10-18 15:05:34 45,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Common\security.dll.vir
2006-10-18 15:05:34 . 2006-10-18 15:05:34 65,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\rmxfpln.dll.vir
2006-10-18 15:05:34 . 2006-10-18 15:05:34 106,496 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\rmxrend.dll.vir
2006-10-18 15:05:34 . 2006-10-18 15:05:34 45,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\security.dll.vir
2006-10-18 15:05:34 . 2006-10-18 15:05:34 57,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\tfilesys.dll.vir
2006-10-18 15:05:32 . 2006-10-18 15:05:32 86,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\audplin.dll.vir
2006-10-18 15:05:32 . 2006-10-18 15:05:32 167,936 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\vidplin.dll.vir
2006-10-18 15:05:30 . 2006-10-18 15:05:30 126,976 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\mp4arender.dll.vir
2006-10-18 15:05:28 . 2006-10-18 15:05:28 172,032 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Common\objb3201.dll.vir
2006-10-18 15:05:28 . 2006-10-18 15:05:28 86,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\hxxml.dll.vir
2006-10-18 15:05:28 . 2006-10-18 15:05:28 45,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\mp3fformat.dll.vir
2006-10-18 15:05:28 . 2006-10-18 15:05:28 151,552 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\mp3render.dll.vir
2006-10-18 15:05:28 . 2006-10-18 15:05:28 45,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\sdpplin.dll.vir
2006-10-18 15:05:28 . 2006-10-18 15:05:28 32,768 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\stubdrm.dll.vir
2006-10-18 15:05:26 . 2006-10-18 15:05:26 185,952 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\rmoc3260.dll.vir
2006-10-18 15:05:26 . 2006-10-18 15:05:26 144,984 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Plugins\nppl3260.dll.vir
2006-10-18 15:05:26 . 2006-10-18 15:05:26 532,480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\imgrender.dll.vir
2006-10-18 15:05:26 . 2006-10-18 15:05:26 110,592 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\rtfformat.dll.vir
2006-10-18 15:05:26 . 2006-10-18 15:05:26 122,880 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\rtrender.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 77,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\atrc.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 65,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\cook.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 102,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\drv1.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 176,128 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\drv2.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 266,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\drvc.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 241,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\hxltcolor.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 552,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\raac.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\rv10.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 57,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\rv20.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\rv30.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\rv40.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 106,496 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\sipr.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 151,552 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\rarender.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 172,032 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\rvrender.dll.vir
2006-10-18 15:05:20 . 2006-10-18 15:05:20 81,920 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Plugins\nprpjplug.dll.vir
2006-10-18 15:05:18 . 2006-10-18 15:05:18 421,888 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Common\pngu3267.dll.vir
2006-10-18 15:05:18 . 2006-10-18 15:05:18 28,672 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Common\pnrs3260.dll.vir
2006-10-18 15:05:18 . 2006-10-18 15:05:18 28,672 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Common\rppr3260.dll.vir
2006-10-18 15:05:18 . 2006-10-18 15:05:18 524,288 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\rpplugins\rpcl3260.dll.vir
2006-10-18 15:05:18 . 2006-10-18 15:05:18 577,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\rpplugins\rput3260.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 1,310,720 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Common\pnen3260.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 53,248 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\authmgr.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 40,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\clbascauth.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 53,248 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\clntxres.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 176,128 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\httpfsys.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 40,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\hxsdp.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 77,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\memfsys.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 45,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\ntlmauth.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 360,448 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\pacplin.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 57,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\plusplin.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 40,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\pxcb3210.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 45,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\ramfformat.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 57,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\ramrender.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 176,128 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\rmfformat.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 45,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\rn5auth.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 61,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\smlfformat.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 532,480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\smlrender.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 57,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\smmrender.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 69,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\smplfsys.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 376,832 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\vidsite.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 94,208 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\vsrlocal.dll.vir
2006-10-18 15:05:14 . 2006-10-18 15:05:14 65,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\ExtResources\coreres.xrs.vir
2006-10-18 13:47:22 . 2006-10-18 13:47:22 1,382,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\wmsdmod.dll.vir
2006-10-18 13:47:22 . 2006-10-18 13:47:22 1,543,680 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\WMVDECOD.dll.vir
2006-10-18 13:47:18 . 2006-10-18 13:47:18 211,456 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\qasf.dll.vir
2006-10-18 13:47:14 . 2006-10-18 13:47:14 212,992 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mfplat.dll.vir
2006-10-18 13:47:14 . 2006-10-18 13:47:14 317,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mp4sdmod.dll.vir
2006-10-03 11:17:40 . 2006-10-03 11:17:40 344,064 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\RadGtSplitter.ax.vir
2006-09-26 05:44:20 . 2006-09-26 05:44:20 831,488 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\MpaDecFilter.ax.vir
2006-09-26 05:44:20 . 2006-09-26 05:44:20 434,176 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Mpeg2DecFilter.ax.vir
2006-09-14 14:20:42 . 2006-09-14 14:20:42 131,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Plugins\npqtplugin.dll.vir
2006-09-03 08:00:00 . 2006-09-03 08:00:00 61,952 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\acelpdec.ax.vir
2006-09-01 08:14:54 . 2006-09-01 08:14:54 65,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QuickTimeVR.qtx.vir
2006-09-01 08:14:48 . 2006-09-01 08:14:48 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\QuickTime.qts.vir
2006-07-17 16:00:00 . 2006-07-17 16:00:00 348,160 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\msvcr71.dll.vir
2006-03-24 09:01:36 . 2006-03-24 09:01:36 630,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vp7vfw.dll.vir
2005-12-27 12:13:04 . 2005-12-27 12:13:04 458,752 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\GeoCodec.dll.vir
2005-11-25 20:39:42 . 2005-11-25 20:39:42 368,640 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\OggSplitter.ax.vir
2005-11-25 20:29:54 . 2005-11-25 20:29:54 331,776 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\MpaSplitter.ax.vir
2005-11-25 20:15:04 . 2005-11-25 20:15:04 249,856 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\cdxareader.ax.vir
2005-11-25 20:13:28 . 2005-11-25 20:13:28 266,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\cddareader.ax.vir
2005-11-18 05:59:12 . 2005-11-18 05:59:12 163,840 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vmnc.dll.vir
2005-09-22 07:11:02 . 2005-09-22 07:11:02 2,394 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Plugins\nsIQTScriptablePlugin.xpt.vir
2005-09-22 07:11:02 . 2005-09-22 07:11:02 4,208 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Plugins\QuickTimePlugin.class.vir
2005-07-17 06:34:32 . 2005-07-17 06:34:32 49,195 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\rpplugins\cn\embed_cn.dll.vir
2005-06-19 15:08:38 . 2005-06-19 15:08:38 233,472 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\fpsechnd.dll.vir
2005-03-02 04:14:48 . 2005-03-02 04:14:48 32,813 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\rpplugins\cn\rpclsvc_cn.dll.vir
2005-01-28 00:53:20 . 2005-01-28 00:53:20 135,168 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\wmpasf.dll.vir
2004-12-10 02:03:02 . 2004-12-10 02:03:02 438,272 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vp6vfw.dll.vir
2004-08-31 16:00:00 . 2004-08-31 16:00:00 148,992 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mpg2splt.ax.vir
2004-08-31 16:00:00 . 2004-08-31 16:00:00 14,336 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\msdmo.dll.vir
2004-08-18 14:24:18 . 2004-08-18 14:24:18 6,789 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Plugins\nppl3260.xpt.vir
2004-08-18 14:24:14 . 2004-08-18 14:24:14 531 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Plugins\nsJSRealPlayerPlugin.xpt.vir
2004-08-18 07:39:18 . 2004-08-18 07:39:18 98,343 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\14_43260.dll.vir
2004-08-18 07:39:18 . 2004-08-18 07:39:18 57,383 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\28_83260.dll.vir
2004-08-17 12:00:00 . 2004-08-17 12:00:00 310,272 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mp43dmod.dll.vir
2004-08-17 12:00:00 . 2004-08-17 12:00:00 240,640 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mpg4dmod.dll.vir
2004-08-10 12:49:38 . 2004-08-10 12:49:38 155,648 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\ralf.dll.vir
2004-06-29 02:22:00 . 2004-06-29 02:22:00 139,264 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\oggfformat.dll.vir
2004-06-29 02:22:00 . 2004-06-29 02:22:00 135,168 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Plugins\vorbisrend.dll.vir
2004-05-24 03:12:14 . 2004-05-24 03:12:14 204,800 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\lsvxdec.dll.vir
2004-05-14 04:59:12 . 2004-05-14 04:59:12 6,656 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\pndx5016.dll.vir
2004-05-14 04:59:12 . 2004-05-14 04:59:12 5,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\pndx5032.dll.vir
2004-05-14 04:59:10 . 2004-05-14 04:59:10 278,528 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\pncrt.dll.vir
2004-04-05 02:31:02 . 2004-04-05 02:31:02 499,712 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\msvcp71.dll.vir
2004-03-26 02:48:00 . 2004-03-26 02:48:00 86,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\VgmSplt.ax.vir
2004-03-12 03:51:00 . 2004-03-12 03:51:00 61,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vgmv2k2.ax.vir
2004-03-12 03:49:00 . 2004-03-12 03:49:00 53,248 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\VgmAudio.ax.vir
2004-02-02 09:15:20 . 2004-02-02 09:15:20 102,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\v2kdspde.dll.vir
2004-01-10 10:11:10 . 2004-01-10 10:11:10 480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\keys.dat.vir
2004-01-10 10:11:10 . 2004-01-10 10:11:10 480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\keys.dat.vir
2003-11-08 10:34:00 . 2003-11-08 10:34:00 36,864 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\RLMPCDec.ax.vir
2003-09-26 02:11:00 . 2003-09-26 02:11:00 45,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vgmbgr.ax.vir
2003-08-18 10:52:00 . 2003-08-18 10:52:00 82,432 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vdowave.drv.vir
2003-08-08 06:08:54 . 2003-08-08 06:08:54 200,704 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\scsource.ax.vir
2003-06-23 02:40:20 . 2003-06-23 02:40:20 102,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\DmoDec.dll.vir
2003-05-29 05:41:36 . 2003-05-29 05:41:36 503,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mpeg2dmx.ax.vir
2003-04-25 09:22:16 . 2003-04-25 09:22:16 65,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\MZP4_DEC.DLL.vir
2003-04-16 11:19:58 . 2003-04-16 11:19:58 375,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\binkw32.dll.vir
2003-03-26 06:53:20 . 2003-03-26 06:53:20 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\G722ADEC.dll.vir
2003-03-24 21:49:02 . 2003-03-24 21:49:02 24,064 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\aasc32.dll.vir
2003-03-24 21:49:02 . 2003-03-24 21:49:02 71,680 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\asusasv1.dll.vir
2003-03-24 21:49:02 . 2003-03-24 21:49:02 92,672 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\asusasv2.dll.vir
2003-03-24 21:49:02 . 2003-03-24 21:49:02 155,648 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\avidavicodec.dll.vir
2003-03-24 21:49:02 . 2003-03-24 21:49:02 319,488 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\pvmjpg21.dll.vir
2003-02-25 01:32:24 . 2003-02-25 01:32:24 360,448 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\PVWV220.DLL.vir
2002-12-27 02:18:58 . 2002-12-27 02:18:58 98,304 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\TTL2Dec.dll.vir
2002-08-22 07:28:00 . 2002-08-22 07:28:00 86,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Vid1Dec.dll.vir
2002-07-24 10:35:00 . 2002-07-24 10:35:00 36,864 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\ddnt3260.dll.vir
2002-07-24 10:35:00 . 2002-07-24 10:35:00 20,992 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\dnet3260.dll.vir
2002-05-31 09:40:12 . 2002-05-31 09:40:12 96,256 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\smackw32.dll.vir
2002-05-15 04:58:38 . 2002-05-15 04:58:38 122,880 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\v2k2_dec.dll.vir
2002-04-21 18:13:42 . 2002-04-21 18:13:42 338,432 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\LCodcCMP.dll.vir
2002-04-20 23:58:52 . 2002-04-20 23:58:52 312,832 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\CLRVIDDC.DLL.vir
2002-04-20 23:52:32 . 2002-04-20 23:52:32 135,168 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\clrviddd.dll.vir
2001-05-03 07:29:40 . 2001-05-03 07:29:40 307,200 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\icmw_32.dll.vir
2000-08-01 20:41:04 . 2000-08-01 20:41:04 391,680 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\i263_32.drv.vir
2000-06-08 17:00:00 . 2000-06-08 17:00:00 98,304 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\l3codecx.ax.vir
2000-05-17 19:22:40 . 2000-05-17 19:22:40 114,176 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bw10.dll.vir
2000-03-15 16:56:32 . 2000-03-15 16:56:32 69,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\voxmsdec.ax.vir
1999-12-10 08:23:16 . 1999-12-10 08:23:16 45,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Sc726dec.ax.vir
1999-10-29 18:36:40 . 1999-10-29 18:36:40 424,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\msms001.vwp.vir
1999-02-03 08:44:00 . 1999-02-03 08:44:00 150,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ativcr2.dll.vir
1996-11-12 02:12:08 . 1996-11-12 02:12:08 76,800 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\VDODEC32.dll.vir
1996-08-14 04:41:24 . 1996-08-14 04:41:24 88,464 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\DECVW_32.DLL.vir

[ken545]

Backup Your Registry with ERUNT:

• Download erunt.zip to your Desktop from here:
  http://aumha.org/downloads/erunt.zip
• Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
• Inside the new folder, double-click ERUNT.exe to start the program
• OK all the prompts to back up your registry to the default location.

Note: to restore your registry, go to the backup folder and start ERDNT.exe



Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Driver::

Code:

Driver::
ByakkoDriver
XDva285
XDva349

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ByakkoDriver]

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

[rngrgreen]

Combo Fix Report


ComboFix 10-12-09.04 - owner 12/11/2010 19:36:22.2.2 - x86
Running from: c:\users\owner\Desktop\ComboFix.exe
Command switches used :: c:\users\owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BYAKKODRIVER
-------\Legacy_XDVA285
-------\Legacy_XDVA349
-------\Service_ByakkoDriver
-------\Service_XDva285
-------\Service_XDva349


((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
.

2010-12-12 00:45 . 2010-12-12 00:48 -------- d-----w- c:\users\owner\AppData\Local\temp
2010-12-12 00:45 . 2010-12-12 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-11 14:53 . 2010-12-11 15:21 -------- d-----w- c:\users\owner\AppData\Roaming\ImgBurn
2010-12-11 14:48 . 2010-12-11 16:44 -------- d-----w- c:\program files\JDownloader
2010-12-11 14:39 . 2010-12-11 14:39 -------- d-----w- c:\program files\ImgBurn
2010-12-11 13:57 . 2010-12-11 13:57 -------- d-----w- c:\users\owner\AppData\Roaming\abgx360
2010-12-11 13:52 . 2010-12-11 13:52 -------- d-----w- c:\program files\abgx360
2010-12-10 19:13 . 2010-12-10 19:13 -------- d-----w- c:\users\owner\AppData\Local\Adobe
2010-12-08 01:33 . 2010-12-08 01:39 -------- d-----w- c:\programdata\SecTaskMan
2010-12-08 01:33 . 2010-12-08 01:33 -------- d-----w- c:\program files\Security Task Manager
2010-12-06 13:58 . 2010-12-06 13:58 2496715 ----a-w- c:\windows\system32\abgx360.exe
2010-12-04 02:48 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-04 02:48 . 2010-12-04 17:02 -------- d-----w- c:\program files\Alwil Software
2010-12-04 02:48 . 2010-12-04 02:48 -------- d-----w- c:\programdata\Alwil Software
2010-12-04 02:37 . 2010-12-04 02:37 -------- d-----w- C:\43fd38b79586b12192672f43
2010-12-04 02:18 . 2010-12-04 02:46 -------- d-----w- c:\programdata\MFAData
2010-12-03 01:40 . 2010-12-03 01:40 -------- d-----w- c:\programdata\F-Secure
2010-12-03 00:48 . 2010-12-03 01:05 -------- d-----w- C:\SWSetup
2010-12-01 14:25 . 2010-12-01 14:25 -------- d-----w- c:\program files\Belkin
2010-12-01 14:24 . 2010-12-01 14:24 -------- d-----w- c:\windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
2010-12-01 14:04 . 2008-09-26 09:30 651264 ----a-w- c:\windows\system32\drivers\netr28u.sys
2010-12-01 14:04 . 2008-09-26 09:26 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2010-11-30 13:16 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE0DCCB2-19BE-4A1F-916A-42D294D5F9A4}\mpengine.dll
2010-11-28 20:25 . 2010-11-28 20:25 -------- d-----w- c:\users\owner\AppData\Local\Innovative Solutions
2010-11-28 20:25 . 2010-11-28 20:25 -------- d-----w- c:\programdata\Innovative Solutions
2010-11-28 20:25 . 2010-11-28 20:25 -------- d-----w- c:\program files\Innovative Solutions
2010-11-25 14:15 . 2010-11-30 03:05 -------- d-----w- c:\users\owner\AppData\Roaming\DivX
2010-11-25 14:14 . 2010-11-25 14:14 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-11-25 14:14 . 2010-11-25 14:14 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-11-25 14:11 . 2010-11-25 14:15 -------- d-----w- c:\program files\DivX
2010-11-25 14:10 . 2010-11-25 14:15 -------- d-----w- c:\programdata\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-10-21 13:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-10-21 13:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 15:41 . 2009-10-02 23:03 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-26 02:59 . 2010-06-12 19:47 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-26 02:59 . 2010-06-12 19:47 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-23 04:47 . 2010-09-23 04:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 20:56 . 2010-09-22 20:56 111960 ----a-w- c:\windows\dxsdkuninst.exe
2010-09-13 13:56 . 2010-10-21 14:30 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2010-5-17 1835069]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2010-10-19 20:35 2988400 ----a-w- c:\program files\BitTorrent\BitTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-05-24 19:06 323392 ----a-w- c:\users\owner\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-07-19 21:18 171032 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-07-19 21:18 136216 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-23 04:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-07-19 21:18 170520 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-24 01:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-10 17:10 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\owner\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-09-26 651264]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-08-30 3739080]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-07 528896]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-12-09 c:\windows\Tasks\HPCeeScheduleForowner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:8777;https=127.0.0.1:8777
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\zbsxu33u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\zbsxu33u.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
FF - plugin: c:\users\owner\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Free Realms Installer: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1} - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\zbsxu33u.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
FF - Extension: Ask Toolbar: toolbar@ask.com - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\zbsxu33u.default\extensions\toolbar@ask.com

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 19:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2010-12-11 19:55:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-12 00:55
ComboFix2.txt 2010-12-11 03:48

Pre-Run: 55,366,344,704 bytes free
Post-Run: 61,692,866,560 bytes free

- - End Of File - - 8FCFEB919E142B908832A1C1A519E993

[rngrgreen]

Just to let I still need to use task manager under administrator to start explorer

[ken545]

Did this start after the first run of Combofix ?

Try this


Backup Your Registry with ERUNT:

• Download erunt.zip to your Desktop from here:
  http://aumha.org/downloads/erunt.zip
• Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
• Inside the new folder, double-click ERUNT.exe to start the program
• OK all the prompts to back up your registry to the default location.

Note: to restore your registry, go to the backup folder and start ERDNT.exe

1-Click Ctrl+Alt+Del to open the task manager.
2- In menu "new task" type "explorer". The screen now shows your normal desktop with icons,etc.
3- In Init>run, type regedit and press Enter. This opens the registry.
4-Find HKEY_CURRENT_USER\software\microsoft\windowsNT\CurrentVersion\winlogon
5-Create (with mouse right button) a new sequence value named "shell".
6-double click on it, and attribute the value "explorer.exe". You'll see at the right panel: shell REG_SZ explorer.exe
7-close the tool registry editor and reinitialize the PC. Your PC will boot with the usual desktop with your icons and taskbar.
8- It is wise make a restoration point before step 3,so you can go back to the previous config if something goes wrong.

[rngrgreen]

New sequence that is a dword right called shell
Alos I have checked this before normally this under localmachine is where i have always seen it I am not trying to question your expertise i am just verifying. Please do not get offended. The dword shell is under localmachine...\winlogon
in actually this actually did not start after combofix my cousin which is actully his computer he just told me that he re-enabled UAC and that is what actually caused it to happen. I just caught him running spybot S&D It did find some stuff but before I remove I wanted to let you know what it found. Also he will not be doing anything else After I found this out he now banned from it until you and i are done. Anyway what Spybot found it is attached to big would need multiple posts.

[ken545]

First off , besides having to Task Manager into windows, how is it running overall ?

Since we just do malware removal on this forum, why dont you post in this windows forum about explorer. Let them know what your cousin did and I am sure they can help you get it up and running. There more in tune to windows issues than I .
http://forums.whatthetech.com/index.php?showforum=119

No offense taking

Let me know how it went at the other forum

[rngrgreen]

I will do that besides taskmanager it is running much better. I will let you know how it goes over there

[ken545]

Been at this for over seven years, all us forums work together, as long as you register with your current user name I will find you and add my two cents if needed.