
Thread: IDP.Trojan.1C8D1A13 & Crypt.AQLW

  1. #31
    Member
    Join Date
    Apr 2012
    Posts
    42


    OK, I'm not running AVG; when I disabled it earlier it does it for 15 mins, so I'm assuming it just starts again (not sure?).

    These are the warnings that popped up:
    File name C:\windows\system32\VBUS.dll
    Threat name idp.trojan.1C8D1A13

    File name C:\windows\system32\snapman380.dll
    Threat name idp.trojan.1C8D1A13

    File name C:\windows\system32\setupnt.dll
    Threat name idp.trojan.1C8D1A13

    I'll do what you said again & post. (Please let me know if I've missed something again, or if I should maybe try to turn off or delete AVG for good?)

  2. #32
    Senior Member
    Join Date
    Sep 2010
    Posts
    631


    Hi jacknjaspa,

    Please continue with the rest of the instructions. Disabling AVG for the 15 minutes should be OK. It will restart on its own.
    Member of UNITE and ASAP

  3. #33
    Member
    Join Date
    Apr 2012
    Posts
    42


    2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,078 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IXIAENDPOINT.reg.dat
    2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,008 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IWCA.reg.dat
    2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,040 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_INTELC53.reg.dat
    2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,126 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IGNITESERVICE.EXE.reg.dat
    2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,046 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IBMPMSVC.reg.dat
    2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,028 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IBMPMDRV.reg.dat
    2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,056 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IBMFILTER.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,028 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IAIMTV2.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,030 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IAIMFP2.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,106 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_HSSTRAYSERVICE.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,034 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_HSFHWICH.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,014 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_HSF_DP.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,064 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_HPQKBFILTR.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_HPFECP20.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,024 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_HIDGAME.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,034 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_GTF32BUS.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_GT680X.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_FREEPOPS.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,086 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_FLASHCOMADMIN.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,024 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_FETNDIS.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,108 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_FCPRINTSERVICE.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,004 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_FA312.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,120 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_EPSON_PM_RPCV2_02.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,198 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_EPSONBIDIRECTIONALAGENT.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ENXPSVC.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,014 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ENODPL.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,068 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ELNKSERVICE.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,020 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_EIO_XP.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,024 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_EAGLENT.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,014 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DTSCSI.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,130 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DRIVERHARDWAREV2.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,106 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DSBROKERSERVICE.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,076 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DRITEKPORTIO.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,048 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DOT4PRINT.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,048 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DNWHODISP.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DM9102.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DLAUDFAM.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 806 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DKTKNSRV.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,166 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DIRMS_DEFRAGMENTATION.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,064 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DEVENTAGENT.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,048 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DCAMUSBMKE.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,016 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CQ_MEM.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CPQDMI.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,068 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CMIGAMEPORT.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CLISVC.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CCALIB8.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 990 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CBN.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,014 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CAMFLT.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CACHEMGR.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,044 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BTHIDENUM.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,044 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BTFIRST.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,014 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BRPAR.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BRIDGEMP.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,050 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BOIHWSETUP.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,120 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BHMONITORSERVICE.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,068 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BGLIVESVC.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,042 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BESCLIENT.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,216 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BELGIUM_ID_CARD_SERVICE.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,220 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BEATJAMMUSICSTREAMINGSERVER.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BCM43XX.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,098 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BACKUPLAUNCHER.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,024 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_AVERBDA.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_AVCSTRM.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,016 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ASMMAP.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,028 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ASWMON2.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,016 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ASLM75.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,034 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_APPNNODE.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,098 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ANTIVIRSERVICE.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 988 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ANC.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,016 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_AMI0NT.reg.dat
    2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,042 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ALKERNEL.reg.dat
    2012-04-27 22:26:36 . 2012-04-27 22:26:36 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_AKSUSB.reg.dat
    2012-04-27 22:26:36 . 2012-04-27 22:26:36 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ADMJOY.reg.dat
    2012-04-27 22:26:36 . 2012-04-27 22:26:36 1,008 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_61883.reg.dat
    2012-04-27 22:26:36 . 2012-04-27 22:26:36 1,020 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_3DKEYBD.reg.dat
    2012-04-27 22:26:36 . 2012-04-27 22:26:36 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_2WIREPCP.reg.dat
    2012-04-27 22:12:27 . 2012-04-28 01:02:54 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
    2012-04-27 10:47:40 . 2012-04-27 10:47:40 1,306 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Smart Fortress 2012.reg.dat
    2012-04-27 10:47:40 . 2012-04-27 10:47:40 638 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-RewardsArcade.reg.dat
    2012-04-27 10:47:31 . 2012-04-27 10:47:31 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-51110031.sys.reg.dat
    2012-04-27 10:47:31 . 2012-04-27 10:47:31 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-38545416.sys.reg.dat
    2012-04-27 10:47:22 . 2012-04-27 10:47:22 78 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-10.reg.dat
    2012-04-27 10:46:42 . 2012-04-27 10:46:42 373 ----a-w- C:\Qoobox\Quarantine\G\av1.zip
    2012-04-27 10:46:42 . 2007-10-22 19:54:10 90 ----a-w- C:\Qoobox\Quarantine\G\AUTORUN.INF.vir
    2012-04-27 01:30:58 . 2012-04-28 01:17:02 16,497 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2012-04-27 00:25:58 . 2012-04-28 01:01:33 459 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2012-04-23 06:07:24 . 2012-04-23 06:07:24 734 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\Application Data\Ypaxad\dowii.xet.vir
    2012-04-23 00:27:56 . 2012-04-23 00:27:56 745 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\Application Data\Ypaxad\dowii.tmp.vir
    2012-02-26 00:53:08 . 2012-04-23 06:07:24 1,062 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\Application Data\Rofeen\koec.unf.vir
    2012-01-02 00:41:15 . 2012-01-02 00:41:15 376,264 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\Uninstall.exe.vir
    2011-11-03 17:39:18 . 2011-11-03 17:39:18 313,176 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\RewardsArcade.exe.vir
    2011-11-03 17:38:44 . 2011-11-03 17:38:44 528,216 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\RewardsArcade.dll.vir
    2011-09-21 00:57:34 . 2011-09-21 00:57:34 36,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\appAPIinternalWrapper.js.vir
    2011-09-21 00:57:34 . 2011-09-21 00:57:34 16,102 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\fb.js.vir
    2011-09-21 00:57:34 . 2011-09-21 00:57:34 172,584 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\jquery.js.vir
    2011-09-21 00:57:34 . 2011-09-21 00:57:34 10,795 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\json.js.vir
    2011-09-21 00:57:34 . 2011-09-21 00:57:34 2,512,384 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\UserConfirmation.exe.vir
    2011-07-30 11:32:26 . 2011-07-30 11:32:24 113,664 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.ilg.vir
    2011-07-30 11:29:20 . 2010-03-24 21:12:42 42,280 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\PostBuild.exe.vir
    2011-07-30 11:23:28 . 2011-07-30 11:32:02 36,864 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe.vir
    2011-07-30 11:22:21 . 2009-05-22 09:15:42 316,712 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe.vir
    2011-07-30 11:19:54 . 2010-03-24 21:12:42 42,280 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe.vir
    2011-07-21 10:18:36 . 2011-07-21 10:18:36 30,264 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.vir
    2011-07-21 10:18:36 . 2011-07-21 10:18:36 46,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir
    2011-07-21 10:18:36 . 2011-07-21 10:18:36 218,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir
    2011-06-16 19:01:01 . 2011-02-22 23:06:28 247,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET1FE.tmp.vir
    2011-06-16 19:01:00 . 2011-02-22 23:06:28 11,080,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET203.tmp.vir
    2011-06-16 19:01:00 . 2011-02-22 23:06:28 1,991,680 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET205.tmp.vir
    2011-06-16 19:01:00 . 2011-02-22 23:06:29 602,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET209.tmp.vir
    2011-06-16 19:01:00 . 2011-02-22 23:06:29 55,296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET20A.tmp.vir
    2011-06-16 19:01:00 . 2011-02-22 23:06:29 5,962,240 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET20B.tmp.vir
    2011-06-16 19:01:00 . 2011-02-22 23:06:29 1,210,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET20F.tmp.vir
    2011-06-16 19:01:00 . 2011-02-22 23:06:29 916,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET210.tmp.vir
    2011-06-16 05:23:43 . 2011-04-25 16:11:12 602,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C8.tmp.vir
    2011-06-16 05:23:43 . 2011-04-25 16:11:12 55,296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C7.tmp.vir
    2011-06-16 05:23:42 . 2011-04-25 16:11:11 247,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET1D2.tmp.vir
    2011-06-16 05:23:42 . 2011-04-25 16:11:12 916,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C1.tmp.vir
    2011-06-16 05:23:41 . 2011-04-25 16:11:11 1,991,680 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1CC.tmp.vir
    2011-06-16 05:23:41 . 2011-04-25 16:11:12 1,211,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C2.tmp.vir
    2011-06-16 05:23:41 . 2011-05-30 22:19:48 5,964,800 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C6.tmp.vir
    2011-05-12 22:52:39 . 2011-05-12 22:52:39 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir
    2011-05-12 22:52:39 . 2003-02-20 20:42:22 348,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir
    2011-05-12 22:52:39 . 2003-02-20 11:08:32 2,482,176 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir
    2011-05-12 22:52:39 . 2003-02-20 11:09:18 77,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir
    2011-05-12 22:52:39 . 2003-02-20 11:06:24 155,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir
    2011-05-12 22:52:39 . 2003-02-20 11:06:20 282,624 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir
    2011-04-26 02:11:12 . 2011-04-26 02:11:12 11,081,728 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1CE.tmp.vir
    2010-11-14 12:38:53 . 2010-11-14 12:38:55 3,072 ----a-w- C:\Qoobox\Quarantine\C\Thumbs.db.vir
    2009-09-04 12:37:03 . 2008-09-02 11:51:48 81,920 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\My Documents\pub1DD.tmp.vir
    2009-09-04 12:36:52 . 2007-10-15 21:25:35 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\My Documents\$AP318.tmp.vir
    2009-09-04 12:36:52 . 2007-10-17 21:31:19 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\My Documents\$AP3D1.tmp.vir
    2008-04-14 12:00:00 . 2008-04-14 12:00:00 551,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000006_.tmp.dll.vir
    2008-04-14 12:00:00 . 2008-04-14 12:00:00 62,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cdrom.sys.vir
    2007-11-07 00:03:18 . 2007-11-07 00:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir
    2006-10-18 13:47:20 . 2006-10-18 13:47:20 8,231,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETBE.tmp.vir
    2003-02-20 21:16:08 . 2003-02-20 21:16:08 49,152 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\regtlib.exe.vir

  4. #34
    Member
    Join Date
    Apr 2012
    Posts
    42

    Default

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.27.10

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Cameron :: B03F21AE66BF49C [administrator]

    28/04/2012 9:38:35 AM
    mbam-log-2012-04-28 (09-38-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 316841
    Time elapsed: 25 minute(s), 24 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 5
    HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 14
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.

    Files Detected: 57
    C:\Documents and Settings\Cameron\Application Data\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Desktop\SoftonicDownloader_for_erunt.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron.old\Local Settings\Temp\i4b472809738689536405.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron.old\Local Settings\Temp\i4b1979056293502111196.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron.old\Local Settings\Temp\khy8gcqy.tmp\installer_toggle_english.exe (PUP.SmsPay.pns) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron.old\Application Data\02000000ac7f4ed1579C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron.old\Application Data\02000000ac7f4ed1579O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron.old\Application Data\02000000ac7f4ed1579P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron.old\Application Data\02000000ac7f4ed1579S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.

    (end)

  5. #35
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi jacknjaspa,

    The MBAM log looks good. The log you posted was the quarantine log. The log I need is the combofix log. You can find it on the C:\ drive; it is named combofix.txt
    Member of UNITE and ASAP

  6. #36
    Member
    Join Date
    Apr 2012
    Posts
    42

    Default

    Sorry about that. I'm at work, will do when I get home in a couple of hours.

  7. #37
    Member
    Join Date
    Apr 2012
    Posts
    42

    Default

    ComboFix 12-04-26.01 - Cameron 28/04/2012 9:02.4.2 - x86
    Running from: c:\documents and settings\Cameron\Desktop\jgh.exe
    Command switches used :: c:\documents and settings\Cameron\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Cameron\Application Data\Rofeen
    c:\documents and settings\Cameron\Application Data\Rofeen\koec.unf
    c:\documents and settings\Cameron\Application Data\Uqycux
    c:\documents and settings\Cameron\Application Data\Ydod
    c:\documents and settings\Cameron\Application Data\Ypaxad
    c:\documents and settings\Cameron\Application Data\Ypaxad\dowii.tmp
    c:\documents and settings\Cameron\Application Data\Ypaxad\dowii.xet
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-27 22:05 . 2012-04-27 22:34 -------- d-----w- C:\jgh
    2012-04-26 13:57 . 2012-04-26 13:57 -------- d-----w- C:\_OTL
    2012-04-26 13:57 . 2011-07-10 17:14 295248 -c--a-w- c:\windows\system32\dllcache\avgtdix.sys
    2012-04-25 13:18 . 2012-04-25 22:49 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-24 05:19 . 2012-04-24 05:20 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\NPE
    2012-04-24 05:19 . 2012-04-24 05:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
    2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\COMODO
    2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\Cameron\Application Data\Comodo
    2012-04-23 17:39 . 2012-04-23 17:39 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
    2012-04-22 15:48 . 2012-04-22 15:48 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\Identities
    2012-04-20 00:23 . 2012-04-20 00:38 -------- d-----w- C:\sh4ldr
    2012-04-20 00:23 . 2012-04-20 00:23 -------- d-----w- c:\program files\Enigma Software Group
    2012-04-20 00:21 . 2012-04-20 00:38 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
    2012-04-20 00:21 . 2012-04-20 00:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2012-04-19 23:48 . 2012-04-24 07:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\F4D55F2C000BBBB74E027CC6D151FC4E
    2012-04-17 00:41 . 2012-04-17 00:41 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonIJFAX
    2012-04-17 00:40 . 2010-09-13 06:44 106496 ----a-w- c:\windows\system32\CNC410U.dll
    2012-04-17 00:40 . 2010-09-13 06:42 1347584 ----a-w- c:\windows\system32\CNC410C.dll
    2012-04-17 00:40 . 2010-09-13 06:42 114688 ----a-w- c:\windows\system32\CNC410I.dll
    2012-04-17 00:40 . 2010-09-06 09:03 315392 ----a-w- c:\windows\system32\CNC410L.dll
    2012-04-17 00:36 . 2012-04-19 02:05 -------- d-----w- c:\documents and settings\Cameron\Application Data\Canon Easy-WebPrint EX
    2012-04-17 00:32 . 2010-10-20 21:00 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
    2012-04-17 00:32 . 2012-04-17 00:32 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonBJ
    2012-04-17 00:31 . 2010-09-19 21:00 74752 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAL.DLL
    2012-04-17 00:31 . 2010-09-19 21:00 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
    2012-04-17 00:31 . 2010-09-19 21:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAL.DLL
    2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2012-04-17 00:31 . 2010-06-03 06:11 94208 ----a-w- c:\windows\system32\CNC410O.dll
    2012-04-17 00:31 . 2010-09-07 01:58 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
    2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\program files\CanonBJ
    2012-04-07 08:55 . 2012-04-07 08:55 -------- d-----w- C:\found.000
    2012-04-07 07:42 . 2012-04-07 07:45 -------- d-----w- C:\big w prints
    2012-04-07 07:07 . 2012-04-27 23:43 -------- d-----w- C:\Vuze
    2012-04-07 06:48 . 2012-04-07 06:57 -------- d-----w- C:\To Transfer
    2012-04-06 00:19 . 2012-04-14 15:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-01 03:09 . 2012-04-01 03:09 -------- d-----r- C:\g on Home PC (B03f21ae66bf49c)
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-26 14:10 . 2011-04-04 16:59 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-04-25 13:22 . 2008-04-14 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
    2012-04-25 13:22 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-04-14 15:02 . 2011-06-17 23:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2008-04-14 12:00 148480 ------w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
    2012-02-15 03:01 . 2011-12-15 14:13 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-02-15 03:01 . 2011-12-15 14:13 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2012-02-07 03:02 . 2012-02-07 03:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-02-03 09:22 . 2008-04-14 12:00 1860096 ------w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-27_10.46.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-28 01:01 . 2012-04-28 01:01 16384 c:\windows\Temp\Perflib_Perfdata_550.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-29 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-06 222504]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616]
    "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Cameron\Start Menu\Programs\Startup\
    My Program.lnk - c:\program files\FingerPrint\FingerPrint.exe [2012-2-15 924728]
    .
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-9-15 1503232]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    "c:\\Program Files\\FingerPrint\\FingerPrintService.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Plex\\Plex Media Server\\Plex Media Server.exe"=
    "c:\\Program Files\\Plex\\Plex Media Server\\PlexScriptHost.exe"=
    "c:\\Program Files\\Plex\\Plex Media Center\\Plex.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Safari\\Safari.exe"=
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 8:13 AM 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]
    R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [23/06/2009 5:40 PM 127352]
    R2 FingerPrint;FingerPrint Service;c:\program files\FingerPrint\FingerPrintService.exe -start --> c:\program files\FingerPrint\FingerPrintService.exe -start [?]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/04/2012 8:19 AM 253088]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/05/2011 7:04 AM 1691480]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [15/12/2011 10:13 PM 18432]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/05/2008 4:06 PM 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:02]
    .
    2012-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
    .
    2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
    .
    2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local
    IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 10.1.1.1
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-28 09:18
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\05\03\0b\0a;9»"
    .
    Completion time: 2012-04-28 09:19:41
    ComboFix-quarantined-files.txt 2012-04-28 01:19
    ComboFix2.txt 2012-04-27 22:34
    ComboFix3.txt 2012-04-27 10:48
    .
    Pre-Run: 40,304,840,704 bytes free
    Post-Run: 40,337,424,384 bytes free
    .
    - - End Of File - - 564515F3D5A51A4F672DC22717D35676

  8. #38
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi jacknjaspa,


    Please follow all previous instructions regarding security programs.

    Open a new Notepad session
    • Click the Start button, click Run
    • In the Run box, type notepad
    • Click OK
    • In Notepad, click "Format" and be certain that Word Wrap is not checked.
    • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE


    Code:
    File::
    C:\windows\system32\us30service.dll   
    C:\windows\system32\msgame.dll   
    C:\windows\system32\irbus.dll   
    C:\windows\system32\PSDNServ.dll   
    C:\windows\system32\adobeversioncue.dll   
    C:\windows\system32\pid_0928.dll   
    C:\windows\system32\fetnd5bv.dll   
    C:\windows\system32\Machnm32.dll   
    C:\windows\system32\TeamViewer.dll   
    C:\windows\system32\DCamUSBSQTECH.dll   
    C:\windows\system32\WinVd32.dll   
    C:\windows\system32\sthda.dll   
    C:\windows\system32\mrpostman.dll   
    C:\windows\system32\asp.net_2.0.50727.dll   
    C:\windows\system32\tsircsrv.dll   
    C:\windows\system32\wusb54gv2svc.dll   
    C:\windows\system32\rpclocator.dll   
    C:\windows\system32\nvmd.dll   
    C:\windows\system32\AdfuUd.dll   
    C:\windows\system32\nvgts.dll   
    C:\windows\system32\pctavsvc.dll   
    C:\windows\system32\cccredmgr.dll   
    C:\windows\system32\EagleNT.dll   
    C:\windows\system32\ndasbus.dll   
    C:\windows\system32\hdaudbus.dll
    C:\windows\system32\sentinelprotectionserver.dll   
    C:\windows\system32\yats32.dll   
    C:\windows\system32\LMIRfsClientNP.dll   
    C:\windows\system32\DgiVecp.dll   
    C:\windows\system32\ccevtmgr.dll   
    C:\windows\system32\bt.dll   
    C:\windows\system32\hap17v2k.dll   
    C:\windows\system32\AdobeActiveFileMonitor6.0.dll   
    C:\windows\system32\clipsrv.dll   
    C:\windows\system32\z800mdm.dll   
    C:\windows\system32\BrScnUsb.dll   
    C:\windows\system32\sr_service.dll   
    C:\windows\system32\clnt_clientman.dll   
    C:\windows\system32\s125mdm.dll   
    C:\windows\system32\W55U01.dll   
    C:\windows\system32\psdvdisk.dll   
    C:\windows\system32\qbposdbservices.dll   
    C:\windows\system32\NWUSBModem.dll   
    C:\windows\system32\CDRPDACC.dll   
    C:\windows\system32\U81xmgmt.dll   
    C:\windows\system32\Spsmqvsm.dll   
    C:\windows\system32\lanmanserver.dll   
    C:\windows\system32\ARCSOFTVIRTUALCAPTURE.dll   
    C:\windows\system32\tga.dll
    C:\windows\system32\NWDHCP.dll   
    C:\windows\system32\pfmodnt.dll   
    C:\windows\system32\viaudio.dll   
    C:\windows\system32\ATMsrvc.dll   
    C:\windows\system32\ksthunk.dll   
    C:\windows\system32\bthusb.dll   
    C:\windows\system32\fsRamDsk.dll   
    C:\windows\system32\navapel.dll   
    C:\windows\system32\bt3cusb.dll   
    C:\windows\system32\p2pimsvc.dll   
    C:\windows\system32\MREMP50a64.dll   
    C:\windows\system32\oracle%oracle_home_service%clientcache80.dll   
    C:\windows\system32\websenselogserver.dll   
    C:\windows\system32\snareiis.dll   
    C:\windows\system32\SNP2STD.dll   
    C:\windows\system32\SetupNT.dll   
    C:\windows\system32\dnetc.dll   
    C:\windows\system32\RioS30.dll   
    C:\windows\system32\lxdm_device.dll   
    C:\windows\system32\cpsvc.dll   
    C:\windows\system32\iAimTV5.dll   
    C:\windows\system32\Wbutton.dll   
    C:\windows\system32\atitool.dll   
    C:\windows\system32\bvrp_pci.dll
    C:\windows\system32\AmdLLD.dll   
    C:\windows\system32\CoolerXPDriver.dll   
    C:\windows\system32\adpu320.dll   
    C:\windows\system32\asusgsb.dll   
    C:\windows\system32\NWSNS.dll   
    C:\windows\system32\RR2Ctrl.dll   
    C:\windows\system32\ikhlayer.dll   
    C:\windows\system32\processor.dll   
    C:\windows\system32\2wirepcp.dll   
    C:\windows\system32\intelppm.dll   
    C:\windows\system32\vsbus.dll   
    C:\windows\system32\backupexecnamingservice.dll   
    C:\windows\system32\aswrdr.dll   
    C:\windows\system32\NSSvcMgr.dll   
    C:\windows\system32\RTLE8023xp.dll   
    C:\windows\system32\Xyz777s.dll   
    C:\windows\system32\USB_NDIS_51.dll   
    C:\windows\system32\amfilter.dll   
    C:\windows\system32\WUSB54Gv4SVC.dll   
    C:\windows\system32\bwcsrv.dll   
    C:\windows\system32\ultra.dll   
    C:\windows\system32\lwwlicenseservice.dll   
    C:\windows\system32\SiSRaid.dll  
    C:\windows\system32\idsvc.dll   
    C:\windows\system32\NuidFltr.dll   
    C:\windows\system32\NtMtlFax.dll   
    C:\windows\system32\wencrservice.dll   
    C:\windows\system32\ireike.dll   
    c:\windows\system32\sffdisk.dll   
    C:\windows\system32\i8042prt.dll   
    C:\windows\system32\msgame.dll   
    C:\windows\system32\rt61.dll   
    C:\windows\system32\spbbcsvc.dll   
    C:\windows\system32\stirusb.dll   
    C:\windows\system32\RivaTuner32.dll   
    C:\windows\system32\btserial.dll   
    C:\windows\system32\snapman380.dll   
    C:\windows\system32\lmimirr.dll   
    C:\windows\system32\TPECioCtl.dll   
    C:\windows\system32\UWProSys.dll   
    C:\windows\system32\avcgbfl.dll   
    C:\windows\system32\dns4meclient.dll   
    C:\windows\system32\sysaidagent.dll   
    C:\windows\system32\service.dll   
    C:\windows\system32\CoachUsb.dll   
    C:\windows\system32\pdlnshay.dll   
    C:\windows\system32\ghostsec.dll
    C:\windows\system32\DSI_SiUSBXp_3_1.dll   
    C:\windows\system32\smapint.dll   
    C:\windows\system32\db2governor.dll   
    C:\windows\system32\AppnApi.dll
    C:\windows\system32\ICAM5USB.dll   
    C:\windows\system32\om518p.dll   
    C:\windows\system32\protexislicensing.dll   
    C:\windows\system32\se59mgmt.dll   
    C:\windows\system32\ql12160.dll   
    C:\windows\system32\odysseyIM4.dll   
    C:\windows\system32\dlcc_device.dll   
    C:\windows\system32\DSXUSB.dll   
    C:\windows\system32\ctxcpubal.dll   
    C:\windows\system32\ipodsrv.dll   
    C:\windows\system32\NTIDrvr.dll   
    C:\windows\system32\msk80service.dll   
    C:\windows\system32\WinFl32.dll   
    C:\windows\system32\Sunkfiltp.dll   
    C:\windows\system32\lpx.dll   
    C:\windows\system32\pdlnafac.dll   
    C:\windows\system32\x10nets.dll   
    C:\windows\system32\nvrd64.dll   
    C:\windows\system32\rdpdr.dll   
    C:\windows\system32\nvata.dll 
    C:\windows\system32\retroexplauncher.dll   
    C:\windows\system32\twotrack.dll   
    C:\windows\system32\VC6SecS.dll   
    C:\windows\system32\aswrdr.dll   
    C:\windows\system32\nvedavt.dll   
    C:\windows\system32\LHidUsbK.dll   
    C:\windows\system32\statusagent4.dll   
    C:\windows\system32\SMNDIS5.dll
    C:\windows\system32\edspport.dll   
    C:\windows\system32\wlancig.dll   
    C:\windows\system32\pdcomp.dll   
    C:\windows\system32\uagp35.dll   
    C:\windows\system32\rspndr.dll   
    C:\windows\system32\UNDPX2A.dll   
    C:\windows\system32\traprcvr.dll   
    C:\windows\system32\TPPWRIF.dll   
    C:\windows\system32\rimsptsk.dll   
    C:\windows\system32\pdiddcci.dll   
    C:\windows\system32\slabser.dll   
    C:\windows\system32\ppa3.dll   
    C:\windows\system32\messenger.dll   
    C:\windows\system32\rksample.dll   
    C:\windows\system32\roxliveshare9.dll   
    C:\windows\system32\Defrag32.dll   
    C:\windows\system32\prismxl.dll   
    C:\windows\system32\wfxsvc.dll

    In the notepad
    • Click File, Save as..., and set the Save in to your Desktop
    • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
    • Click save

    Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

    This will start ComboFix again. Close all browser windows first.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



    Please post the combofix log.

    How's the computer?

    Any more AVG detections?
    Member of UNITE and ASAP

  9. #39
    Member
    Join Date
    Apr 2012
    Posts
    42

    Default

    ComboFix 12-04-26.01 - Cameron 29/04/2012 8:52.6.2 - x86
    Running from: c:\documents and settings\Cameron\Desktop\jgh.exe
    Command switches used :: c:\documents and settings\Cameron\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    FILE ::
    "c:\windows\system32\2wirepcp.dll"
    "c:\windows\system32\AdfuUd.dll"
    "c:\windows\system32\AdobeActiveFileMonitor6.0.dll"
    "c:\windows\system32\adobeversioncue.dll"
    "c:\windows\system32\adpu320.dll"
    "c:\windows\system32\AmdLLD.dll"
    "c:\windows\system32\amfilter.dll"
    "c:\windows\system32\AppnApi.dll"
    "c:\windows\system32\ARCSOFTVIRTUALCAPTURE.dll"
    "c:\windows\system32\asp.net_2.0.50727.dll"
    "c:\windows\system32\asusgsb.dll"
    "c:\windows\system32\aswrdr.dll"
    "c:\windows\system32\atitool.dll"
    "c:\windows\system32\ATMsrvc.dll"
    "c:\windows\system32\avcgbfl.dll"
    "c:\windows\system32\backupexecnamingservice.dll"
    "c:\windows\system32\BrScnUsb.dll"
    "c:\windows\system32\bt.dll"
    "c:\windows\system32\bt3cusb.dll"
    "c:\windows\system32\bthusb.dll"
    "c:\windows\system32\btserial.dll"
    "c:\windows\system32\bvrp_pci.dll"
    "c:\windows\system32\bwcsrv.dll"
    "c:\windows\system32\cccredmgr.dll"
    "c:\windows\system32\ccevtmgr.dll"
    "c:\windows\system32\CDRPDACC.dll"
    "c:\windows\system32\clipsrv.dll"
    "c:\windows\system32\clnt_clientman.dll"
    "c:\windows\system32\CoachUsb.dll"
    "c:\windows\system32\CoolerXPDriver.dll"
    "c:\windows\system32\cpsvc.dll"
    "c:\windows\system32\ctxcpubal.dll"
    "c:\windows\system32\db2governor.dll"
    "c:\windows\system32\DCamUSBSQTECH.dll"
    "c:\windows\system32\Defrag32.dll"
    "c:\windows\system32\DgiVecp.dll"
    "c:\windows\system32\dlcc_device.dll"
    "c:\windows\system32\dnetc.dll"
    "c:\windows\system32\dns4meclient.dll"
    "c:\windows\system32\DSI_SiUSBXp_3_1.dll"
    "c:\windows\system32\DSXUSB.dll"
    "c:\windows\system32\EagleNT.dll"
    "c:\windows\system32\edspport.dll"
    "c:\windows\system32\fetnd5bv.dll"
    "c:\windows\system32\fsRamDsk.dll"
    "c:\windows\system32\ghostsec.dll"
    "c:\windows\system32\hap17v2k.dll"
    "c:\windows\system32\hdaudbus.dll"
    "c:\windows\system32\i8042prt.dll"
    "c:\windows\system32\iAimTV5.dll"
    "c:\windows\system32\ICAM5USB.dll"
    "c:\windows\system32\idsvc.dll"
    "c:\windows\system32\ikhlayer.dll"
    "c:\windows\system32\intelppm.dll"
    "c:\windows\system32\ipodsrv.dll"
    "c:\windows\system32\irbus.dll"
    "c:\windows\system32\ireike.dll"
    "c:\windows\system32\ksthunk.dll"
    "c:\windows\system32\lanmanserver.dll"
    "c:\windows\system32\LHidUsbK.dll"
    "c:\windows\system32\lmimirr.dll"
    "c:\windows\system32\LMIRfsClientNP.dll"
    "c:\windows\system32\lpx.dll"
    "c:\windows\system32\lwwlicenseservice.dll"
    "c:\windows\system32\lxdm_device.dll"
    "c:\windows\system32\Machnm32.dll"
    "c:\windows\system32\messenger.dll"
    "c:\windows\system32\MREMP50a64.dll"
    "c:\windows\system32\mrpostman.dll"
    "c:\windows\system32\msgame.dll"
    "c:\windows\system32\msk80service.dll"
    "c:\windows\system32\navapel.dll"
    "c:\windows\system32\ndasbus.dll"
    "c:\windows\system32\NSSvcMgr.dll"
    "c:\windows\system32\NTIDrvr.dll"
    "c:\windows\system32\NtMtlFax.dll"
    "c:\windows\system32\NuidFltr.dll"
    "c:\windows\system32\nvata.dll"
    "c:\windows\system32\nvedavt.dll"
    "c:\windows\system32\nvgts.dll"
    "c:\windows\system32\nvmd.dll"
    "c:\windows\system32\nvrd64.dll"
    "c:\windows\system32\NWDHCP.dll"
    "c:\windows\system32\NWSNS.dll"
    "c:\windows\system32\NWUSBModem.dll"
    "c:\windows\system32\odysseyIM4.dll"
    "c:\windows\system32\om518p.dll"
    "c:\windows\system32\oracle%oracle_home_service%clientcache80.dll"
    "c:\windows\system32\p2pimsvc.dll"
    "c:\windows\system32\pctavsvc.dll"
    "c:\windows\system32\pdcomp.dll"
    "c:\windows\system32\pdiddcci.dll"
    "c:\windows\system32\pdlnafac.dll"
    "c:\windows\system32\pdlnshay.dll"
    "c:\windows\system32\pfmodnt.dll"
    "c:\windows\system32\pid_0928.dll"
    "c:\windows\system32\ppa3.dll"
    "c:\windows\system32\prismxl.dll"
    "c:\windows\system32\processor.dll"
    "c:\windows\system32\protexislicensing.dll"
    "c:\windows\system32\PSDNServ.dll"
    "c:\windows\system32\psdvdisk.dll"
    "c:\windows\system32\qbposdbservices.dll"
    "c:\windows\system32\ql12160.dll"
    "c:\windows\system32\rdpdr.dll"
    "c:\windows\system32\retroexplauncher.dll"
    "c:\windows\system32\rimsptsk.dll"
    "c:\windows\system32\RioS30.dll"
    "c:\windows\system32\RivaTuner32.dll"
    "c:\windows\system32\rksample.dll"
    "c:\windows\system32\roxliveshare9.dll"
    "c:\windows\system32\rpclocator.dll"
    "c:\windows\system32\RR2Ctrl.dll"
    "c:\windows\system32\rspndr.dll"
    "c:\windows\system32\rt61.dll"
    "c:\windows\system32\RTLE8023xp.dll"
    "c:\windows\system32\s125mdm.dll"
    "c:\windows\system32\se59mgmt.dll"
    "c:\windows\system32\sentinelprotectionserver.dll"
    "c:\windows\system32\service.dll"
    "c:\windows\system32\SetupNT.dll"
    "c:\windows\system32\sffdisk.dll"
    "c:\windows\system32\SiSRaid.dll"
    "c:\windows\system32\slabser.dll"
    "c:\windows\system32\smapint.dll"
    "c:\windows\system32\SMNDIS5.dll"
    "c:\windows\system32\snapman380.dll"
    "c:\windows\system32\snareiis.dll"
    "c:\windows\system32\SNP2STD.dll"
    "c:\windows\system32\spbbcsvc.dll"
    "c:\windows\system32\Spsmqvsm.dll"
    "c:\windows\system32\sr_service.dll"
    "c:\windows\system32\statusagent4.dll"
    "c:\windows\system32\sthda.dll"
    "c:\windows\system32\stirusb.dll"
    "c:\windows\system32\Sunkfiltp.dll"
    "c:\windows\system32\sysaidagent.dll"
    "c:\windows\system32\TeamViewer.dll"
    "c:\windows\system32\tga.dll"
    "c:\windows\system32\TPECioCtl.dll"
    "c:\windows\system32\TPPWRIF.dll"
    "c:\windows\system32\traprcvr.dll"
    "c:\windows\system32\tsircsrv.dll"
    "c:\windows\system32\twotrack.dll"
    "c:\windows\system32\U81xmgmt.dll"
    "c:\windows\system32\uagp35.dll"
    "c:\windows\system32\ultra.dll"
    "c:\windows\system32\UNDPX2A.dll"
    "c:\windows\system32\us30service.dll"
    "c:\windows\system32\USB_NDIS_51.dll"
    "c:\windows\system32\UWProSys.dll"
    "c:\windows\system32\VC6SecS.dll"
    "c:\windows\system32\viaudio.dll"
    "c:\windows\system32\vsbus.dll"
    "c:\windows\system32\W55U01.dll"
    "c:\windows\system32\Wbutton.dll"
    "c:\windows\system32\websenselogserver.dll"
    "c:\windows\system32\wencrservice.dll"
    "c:\windows\system32\wfxsvc.dll"
    "c:\windows\system32\WinFl32.dll"
    "c:\windows\system32\WinVd32.dll"
    "c:\windows\system32\wlancig.dll"
    "c:\windows\system32\wusb54gv2svc.dll"
    "c:\windows\system32\WUSB54Gv4SVC.dll"
    "c:\windows\system32\x10nets.dll"
    "c:\windows\system32\Xyz777s.dll"
    "c:\windows\system32\yats32.dll"
    "c:\windows\system32\z800mdm.dll"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-28 01:47 . 2012-04-28 01:47 -------- d-----w- C:\iso
    2012-04-28 01:37 . 2012-04-28 01:37 -------- d-----w- c:\documents and settings\Cameron\Application Data\Malwarebytes
    2012-04-28 01:37 . 2012-04-28 01:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2012-04-28 01:37 . 2012-04-28 01:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-28 01:37 . 2012-04-04 07:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-27 22:05 . 2012-04-27 22:34 -------- d-----w- C:\jgh
    2012-04-26 13:57 . 2012-04-26 13:57 -------- d-----w- C:\_OTL
    2012-04-26 13:57 . 2011-07-10 17:14 295248 -c--a-w- c:\windows\system32\dllcache\avgtdix.sys
    2012-04-25 13:18 . 2012-04-25 22:49 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-24 05:19 . 2012-04-24 05:20 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\NPE
    2012-04-24 05:19 . 2012-04-24 05:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
    2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\COMODO
    2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\Cameron\Application Data\Comodo
    2012-04-23 17:39 . 2012-04-23 17:39 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
    2012-04-22 15:48 . 2012-04-22 15:48 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\Identities
    2012-04-20 00:23 . 2012-04-20 00:38 -------- d-----w- C:\sh4ldr
    2012-04-20 00:23 . 2012-04-20 00:23 -------- d-----w- c:\program files\Enigma Software Group
    2012-04-20 00:21 . 2012-04-20 00:38 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
    2012-04-20 00:21 . 2012-04-20 00:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2012-04-19 23:48 . 2012-04-24 07:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\F4D55F2C000BBBB74E027CC6D151FC4E
    2012-04-17 00:41 . 2012-04-17 00:41 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonIJFAX
    2012-04-17 00:40 . 2010-09-13 06:44 106496 ----a-w- c:\windows\system32\CNC410U.dll
    2012-04-17 00:40 . 2010-09-13 06:42 1347584 ----a-w- c:\windows\system32\CNC410C.dll
    2012-04-17 00:40 . 2010-09-13 06:42 114688 ----a-w- c:\windows\system32\CNC410I.dll
    2012-04-17 00:40 . 2010-09-06 09:03 315392 ----a-w- c:\windows\system32\CNC410L.dll
    2012-04-17 00:36 . 2012-04-19 02:05 -------- d-----w- c:\documents and settings\Cameron\Application Data\Canon Easy-WebPrint EX
    2012-04-17 00:32 . 2010-10-20 21:00 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
    2012-04-17 00:32 . 2012-04-17 00:32 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonBJ
    2012-04-17 00:31 . 2010-09-19 21:00 74752 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAL.DLL
    2012-04-17 00:31 . 2010-09-19 21:00 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
    2012-04-17 00:31 . 2010-09-19 21:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAL.DLL
    2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2012-04-17 00:31 . 2010-06-03 06:11 94208 ----a-w- c:\windows\system32\CNC410O.dll
    2012-04-17 00:31 . 2010-09-07 01:58 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
    2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\program files\CanonBJ
    2012-04-07 08:55 . 2012-04-07 08:55 -------- d-----w- C:\found.000
    2012-04-07 07:42 . 2012-04-07 07:45 -------- d-----w- C:\big w prints
    2012-04-07 07:07 . 2012-04-28 01:46 -------- d-----w- C:\Vuze
    2012-04-07 06:48 . 2012-04-07 06:57 -------- d-----w- C:\To Transfer
    2012-04-06 00:19 . 2012-04-14 15:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-01 03:09 . 2012-04-01 03:09 -------- d-----r- C:\g on Home PC (B03f21ae66bf49c)
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-26 14:10 . 2011-04-04 16:59 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-04-25 13:22 . 2008-04-14 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
    2012-04-25 13:22 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-04-14 15:02 . 2011-06-17 23:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2008-04-14 12:00 148480 ------w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
    2012-02-15 03:01 . 2011-12-15 14:13 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-02-15 03:01 . 2011-12-15 14:13 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2012-02-07 03:02 . 2012-02-07 03:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-02-03 09:22 . 2008-04-14 12:00 1860096 ------w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-27_10.46.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-29 00:51 . 2012-04-29 00:51 16384 c:\windows\Temp\Perflib_Perfdata_70c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-29 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-06 222504]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616]
    "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Cameron\Start Menu\Programs\Startup\
    My Program.lnk - c:\program files\FingerPrint\FingerPrint.exe [2012-2-15 924728]
    .
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-9-15 1503232]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    "c:\\Program Files\\FingerPrint\\FingerPrintService.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Plex\\Plex Media Server\\Plex Media Server.exe"=
    "c:\\Program Files\\Plex\\Plex Media Server\\PlexScriptHost.exe"=
    "c:\\Program Files\\Plex\\Plex Media Center\\Plex.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Safari\\Safari.exe"=
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 8:13 AM 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]
    R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [23/06/2009 5:40 PM 127352]
    R2 FingerPrint;FingerPrint Service;c:\program files\FingerPrint\FingerPrintService.exe -start --> c:\program files\FingerPrint\FingerPrintService.exe -start [?]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/04/2012 8:19 AM 253088]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/05/2011 7:04 AM 1691480]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [15/12/2011 10:13 PM 18432]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/05/2008 4:06 PM 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:02]
    .
    2012-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local
    IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 10.1.1.1
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-29 09:07
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\05\03\0b\0a;9»"
    .
    Completion time: 2012-04-29 09:08:52
    ComboFix-quarantined-files.txt 2012-04-29 01:08
    ComboFix2.txt 2012-04-28 01:19
    ComboFix3.txt 2012-04-27 22:34
    ComboFix4.txt 2012-04-27 10:48
    .
    Pre-Run: 35,518,259,200 bytes free
    Post-Run: 35,518,197,760 bytes free
    .
    - - End Of File - - DD853BF5336988CE58D449306C09E703

  10. #40
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi jacknjaspa,

    How's the computer? The logs look ok now.

    Your Java is out of date. Click your Start button, open Control Panel.
    • Locate the Java icon (it looks like a coffee cup)
    • Double-click it to open it
    • Click the Update tab
    • Click Update Now


    After Java is updated, reboot your computer if not prompted to.


    Next

    Next, double-click on OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do not copy the word CODE
    • Please note the fix starts with the :

    Code:
    :Services
    
    :Commands
    [emptytemp]
    [createrestorepoint]

    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.
    Please post the OTL fix log.


    Next

    One more scan to check our handiwork.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    Go here to run an online scanner from ESET

    (Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.



    Please post back with the
    • OTL fix log
    • ESET log if there was one
    Any issues?
    Member of UNITE and ASAP
