IDP.Trojan.1C8D1A13 & Crypt.AQLW

Hi jacknjaspa,



Please read through the instructions to familiarize yourself with what to expect when the tool runs.

It is vitally important that combofix is renamed before it even starts to download


Please download ComboFix from Link 1 or Link 2 to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
    -Tools->Options->Main tab
    -Set to "Always ask me where to Save the files".
  • During the download, before you save it to your desktop, rename Combofix to jgh.exe

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix

-----------------------------------------------------------
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
  • Double click on ComboFix.exe (jgh.exe in your case) & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.**

RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with
  • combofix log
How is the computer?

Thanks
 
Hi there, it's taken a long time but finally gone through to the following:
System file is infected!! Attempting to restore
"C:WINDOWS\system32\drivers\cdrom.sys"
Successfully restored :)


It's now been hanging on this for over 15 minutes.....do I just keep waiting?
 
Hope I haven't stuffed it up. I ended up closing the window as nothing happened for nearly 25 mins.

I had to restart the PC but can't find the combofix.txt file (did search on C drive but nothing there). Have I done something wrong?
 
Hi jacknjaspa,

Sometimes it takes quite a while for the log, especially on a heavily infected machine. Have a look in C:\Qoobox for a file named ComboFix-quarantined-files.txt

If it's there please post it.

Rerun combofix; it may look like it's stalled, but if there is any hint of hard drive activity it's still running. It may have fixed some things in the first run and may run quicker this time.

Post the combofix log when you get it.
 
Ok. Back home from work & ran it again & just left it alone for half an hour. Came back & log.txt was opened & I'm assuming this is the correct file (I hope so & sorry if it's not).


ComboFix 12-04-26.01 - Cameron 27/04/2012 18:31:21.2.2 - x86
Running from: c:\documents and settings\Cameron\Desktop\jgh.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.ilg
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\PostBuild.exe
c:\documents and settings\Cameron.old\WINDOWS
c:\documents and settings\Cameron\My Documents\$AP318.tmp
c:\documents and settings\Cameron\My Documents\$AP3D1.tmp
c:\documents and settings\Cameron\My Documents\pub1DD.tmp
C:\install.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\program files\Internet Explorer\SET1D2.tmp
c:\program files\Internet Explorer\SET1FE.tmp
c:\program files\RewardsArcade
c:\program files\RewardsArcade\appAPIinternalWrapper.js
c:\program files\RewardsArcade\fb.js
c:\program files\RewardsArcade\jquery.js
c:\program files\RewardsArcade\json.js
c:\program files\RewardsArcade\RewardsArcade.dll
c:\program files\RewardsArcade\RewardsArcade.exe
c:\program files\RewardsArcade\Uninstall.exe
c:\program files\RewardsArcade\UserConfirmation.exe
C:\Thumbs.db
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\SET1C1.tmp
c:\windows\system32\SET1C2.tmp
c:\windows\system32\SET1C6.tmp
c:\windows\system32\SET1C7.tmp
c:\windows\system32\SET1C8.tmp
c:\windows\system32\SET1CC.tmp
c:\windows\system32\SET1CE.tmp
c:\windows\system32\SET203.tmp
c:\windows\system32\SET205.tmp
c:\windows\system32\SET209.tmp
c:\windows\system32\SET20A.tmp
c:\windows\system32\SET20B.tmp
c:\windows\system32\SET20F.tmp
c:\windows\system32\SET210.tmp
c:\windows\system32\SETBE.tmp
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
G:\AUTORUN.INF
.
-- Previous Run --
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP407\A0089135.sys
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-26 13:57 . 2012-04-26 13:57 -------- d-----w- C:\_OTL
2012-04-26 13:57 . 2011-07-10 17:14 295248 -c--a-w- c:\windows\system32\dllcache\avgtdix.sys
2012-04-25 13:18 . 2012-04-25 22:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 05:19 . 2012-04-24 05:20 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\NPE
2012-04-24 05:19 . 2012-04-24 05:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\COMODO
2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\Cameron\Application Data\Comodo
2012-04-23 17:39 . 2012-04-23 17:39 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
2012-04-23 00:07 . 2012-04-24 07:35 -------- d-----w- c:\documents and settings\Cameron\Application Data\Uqycux
2012-04-23 00:07 . 2012-04-23 00:07 -------- d-----w- c:\documents and settings\Cameron\Application Data\Rofeen
2012-04-22 15:48 . 2012-04-22 15:48 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\Identities
2012-04-22 15:47 . 2012-04-24 05:12 -------- d-----w- c:\documents and settings\Cameron\Application Data\Ydod
2012-04-22 15:47 . 2012-04-23 00:28 -------- d-----w- c:\documents and settings\Cameron\Application Data\Ypaxad
2012-04-20 00:23 . 2012-04-20 00:38 -------- d-----w- C:\sh4ldr
2012-04-20 00:23 . 2012-04-20 00:23 -------- d-----w- c:\program files\Enigma Software Group
2012-04-20 00:21 . 2012-04-20 00:38 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-20 00:21 . 2012-04-20 00:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-04-19 23:48 . 2012-04-24 07:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\F4D55F2C000BBBB74E027CC6D151FC4E
2012-04-17 00:41 . 2012-04-17 00:41 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonIJFAX
2012-04-17 00:40 . 2010-09-13 06:44 106496 ----a-w- c:\windows\system32\CNC410U.dll
2012-04-17 00:40 . 2010-09-13 06:42 1347584 ----a-w- c:\windows\system32\CNC410C.dll
2012-04-17 00:40 . 2010-09-13 06:42 114688 ----a-w- c:\windows\system32\CNC410I.dll
2012-04-17 00:40 . 2010-09-06 09:03 315392 ----a-w- c:\windows\system32\CNC410L.dll
2012-04-17 00:36 . 2012-04-19 02:05 -------- d-----w- c:\documents and settings\Cameron\Application Data\Canon Easy-WebPrint EX
2012-04-17 00:32 . 2010-10-20 21:00 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
2012-04-17 00:32 . 2012-04-17 00:32 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonBJ
2012-04-17 00:31 . 2010-09-19 21:00 74752 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAL.DLL
2012-04-17 00:31 . 2010-09-19 21:00 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
2012-04-17 00:31 . 2010-09-19 21:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAL.DLL
2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-04-17 00:31 . 2010-06-03 06:11 94208 ----a-w- c:\windows\system32\CNC410O.dll
2012-04-17 00:31 . 2010-09-07 01:58 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\program files\CanonBJ
2012-04-07 08:55 . 2012-04-07 08:55 -------- d-----w- C:\found.000
2012-04-07 07:42 . 2012-04-07 07:45 -------- d-----w- C:\big w prints
2012-04-07 07:07 . 2012-04-19 02:23 -------- d-----w- C:\Vuze
2012-04-07 06:48 . 2012-04-07 06:57 -------- d-----w- C:\To Transfer
2012-04-06 00:19 . 2012-04-14 15:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 03:09 . 2012-04-01 03:09 -------- d-----r- C:\g on Home PC (B03f21ae66bf49c)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 14:10 . 2011-04-04 16:59 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-04-25 13:22 . 2008-04-14 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-04-25 13:22 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-14 15:02 . 2011-06-17 23:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-15 03:01 . 2011-12-15 14:13 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:01 . 2011-12-15 14:13 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 03:02 . 2012-02-07 03:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ------w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-06 222504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Cameron\Start Menu\Programs\Startup\
My Program.lnk - c:\program files\FingerPrint\FingerPrint.exe [2012-2-15 924728]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-9-15 1503232]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\FingerPrint\\FingerPrintService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\Plex Media Server.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\PlexScriptHost.exe"=
"c:\\Program Files\\Plex\\Plex Media Center\\Plex.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 8:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [23/06/2009 5:40 PM 127352]
R2 FingerPrint;FingerPrint Service;c:\program files\FingerPrint\FingerPrintService.exe -start --> c:\program files\FingerPrint\FingerPrintService.exe -start [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/04/2012 8:19 AM 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/05/2011 7:04 AM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [15/12/2011 10:13 PM 18432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/05/2008 4:06 PM 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
sqlserveragent
AVCSTRM
websensecamreportserver
vsdatant
zendcoreapache
epson_pm_rpcv2_02
MRESP50a64
ami0nt
UPATC
proxyhostdriver
AlKernel
Xponaut_WBD
beatjammusicstreamingserver
s616mgmt
nod32krn
btfirst
cpqdmi
symantecantibotshim
NWSNS
cachemgr
enodpl
HssTrayService
deventagent
sbcssvc
Sk99202k
useraccess
phc600
ibmpmsvc
FETNDIS
rt73
antivirservice
stllssvr
flashcomadmin
papycpu2
pilogsrv
epsonbidirectionalagent
ibmfilter
lxby_device
sit_flt
EagleNT
mfeapfk
videoacceleratorengine
rslinxng
vmparport
BoiHwsetup
usbatapi2000
igniteservice.exe
bthidenum
ltxred
p2psvc
HPFECP20
IWCA
UDFReadr
wpshelper
serialkeys
cq_mem
fcprintservice
lxcj_device
CAMFLT
MSFWHLPR
pcscnsrv
uhcd
bcm43xx
61883
GT680x
oracleorahome92tnslistener
GTF32BUS
ibmpmdrv
IntelC53
FA312
ZuneWlanCfgSvc
spcsutilityservice
tzontservice
enxpsvc
HpqKbFiltr
3dkeybd
pshost
pdlnctdl
wlluc48
KMW_USB
aksusb
wlancfg
hsf_dp
moufiltr
mks_scan
dktknsrv
aswmon2
dot4print
EIO_XP
SE2Cmdm
snapman
Si3114r5
hidgame
dirms_defragmentation
elnkservice
DM9102
pdlnemsg
dnwhodisp
NCPro
upperdev
npfmntor
aslm75
lusbaudio
bhmonitorservice
SiRemFil
whoisd32
tfsnopio
CBN
se44mgmt
opcenum
ANC
appnnode
dlaudfam
AVerBDA
bglivesvc
ASMMAP
clisvc
snac
pepifilter
dtscsi
sprtsvc_ddoctorv2
NWADI
MSCamSvc
2wirepcp
freepops
USB_RNDIS
sandboxu
BrPar
scarddrv
wmccdsls
lxdm_device
StickyMesger
cmigameport
ixiaendpoint
Machnm32
symantecantibotdriver
bridgemp
driverhardwarev2
TMHIDSRV
dsbrokerservice
DCamUSBMke
ntiopnp
NxSysMon
pdengine
besclient
iaimfp2
pmsveh
SiSRaid2
DritekPortIO
sshrmd
sonytvc
pavdrv
nim32
scsiaccess
admjoy
ofcpfwsvc
ntsyslog
netdevio
mcvsrte
pnrouter
SrvcEPIOMngr
backuplauncher
ltmodem5
sbhooksvc
iaimtv2
HSFHWICH
belgium_id_card_service
ccalib8
tversitymediaserver
winachcf
susbser
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:02]
.
2012-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
SafeBoot-38545416.sys
SafeBoot-51110031.sys
AddRemove-RewardsArcade - c:\program files\RewardsArcade\Uninstall.exe
AddRemove-Smart Fortress 2012 - c:\documents and settings\All Users.WINDOWS\Application Data\F4D55F2C000BBBB74E027CC6D151FC4E\F4D55F2C000BBBB74E027CC6D151FC4E.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-27 18:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\05\03\0b\0a;9»"
.
Completion time: 2012-04-27 18:48:30
ComboFix-quarantined-files.txt 2012-04-27 10:48
.
Pre-Run: 41,104,412,672 bytes free
Post-Run: 41,070,153,728 bytes free
.
- - End Of File - - 4B6E889FFFC861BD0EBE5A8BAE0C2BC0
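The "NETSVCS REQUIRES REPAIRS - current entries shown" section of the log above is ComboFix flagging that the Svchost\netsvcs REG_MULTI_SZ has been stuffed with names that are not part of the stock Windows XP list (everything between Rasauto and Rasman in that section). The helper's fix later in the thread rewrites the value as a hex(7) multi-string. As an added example, not code from this thread, from ComboFix or from its author, here is a Python script that decodes that hex(7) form back into service names, pulls the NETSVCS section out of a ComboFix log, and reports which entries are not on the known-good list. The known-good value is copied from the CFScript posted later in the thread; the short log excerpt inside the script is a constructed sample.

```python
import re

# Known-good Windows XP NetSvcs value, copied from the CFScript posted later in this
# thread. REG_MULTI_SZ: NUL-separated names terminated by a double NUL. The script
# encodes one byte per character; a regedit export of the same value would be
# UTF-16LE (two bytes per character), and decode_hex7 accepts either form.
CFSCRIPT_NETSVCS = r'''"NetSvcs"=hex(7):36,74,6F,34,00,41,70,70,4D,67,6D,74,00,41,\
  75,64,69,6F,53,72,76,00,42,72,6F,77,73,65,72,00,43,72,79,70,74,53,76,\
  63,00,44,4D,53,65,72,76,65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,\
  76,65,6E,74,53,79,73,74,65,6D,00,46,61,73,74,55,73,65,72,53,77,69,74,\
  63,68,69,6E,67,43,6F,6D,70,61,74,69,62,69,6C,69,74,79,00,48,69,64,53,\
  65,72,76,00,49,61,73,00,49,70,72,69,70,00,49,72,6D,6F,6E,00,4C,61,6E,\
  6D,61,6E,53,65,72,76,65,72,00,4C,61,6E,6D,61,6E,57,6F,72,6B,73,74,61,\
  74,69,6F,6E,00,4D,65,73,73,65,6E,67,65,72,00,4E,65,74,6D,61,6E,00,4E,\
  6C,61,00,4E,74,6D,73,73,76,63,00,4E,57,43,57,6F,72,6B,73,74,61,74,69,\
  6F,6E,00,4E,77,73,61,70,61,67,65,6E,74,00,52,61,73,61,75,74,6F,00,52,\
  61,73,6D,61,6E,00,52,65,6D,6F,74,65,61,63,63,65,73,73,00,53,63,68,65,\
  64,75,6C,65,00,53,65,63,6C,6F,67,6F,6E,00,53,45,4E,53,00,53,68,61,72,\
  65,64,61,63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,\
  73,72,76,00,54,68,65,6D,65,73,00,54,72,6B,57,6B,73,00,57,33,32,54,69,\
  6D,65,00,57,5A,43,53,56,43,00,57,6D,69,00,57,6D,64,6D,50,6D,53,70,00,77,\
  69,6E,6D,67,6D,74,00,77,73,63,73,76,63,00,78,6D,6C,70,72,6F,76,00,6E,\
  61,70,61,67,65,6E,74,00,68,6B,6D,73,76,63,00,42,49,54,53,00,77,75,61,\
  75,73,65,72,76,00,53,68,65,6C,6C,48,57,44,65,74,65,63,74,69,6F,6E,00,68,\
  65,6C,70,73,76,63,00,57,6D,64,6D,50,6D,53,4E,00,00'''


def decode_hex7(reg_value):
    """Decode a .reg-style hex(7) (REG_MULTI_SZ) value into its list of strings."""
    body = reg_value.split("hex(7):", 1)[1] if "hex(7):" in reg_value else reg_value
    body = re.sub(r"[\s\\]", "", body)  # drop line-continuation backslashes and whitespace
    data = bytes(int(h, 16) for h in body.split(",") if h)
    # regedit writes UTF-16LE: every high byte is zero. Otherwise treat as one byte per char.
    if data and len(data) % 2 == 0 and not any(data[1::2]):
        text = data.decode("utf-16-le")
    else:
        text = data.decode("latin-1")
    return [s for s in text.split("\x00") if s]


def encode_hex7(names, wide=False):
    """Inverse of decode_hex7. wide=True produces the UTF-16LE form regedit exports."""
    text = "".join(n + "\x00" for n in names) + "\x00"  # double NUL terminates the list
    data = text.encode("utf-16-le" if wide else "latin-1")
    return "hex(7):" + ",".join(f"{b:02X}" for b in data)


def parse_combofix_netsvcs(log_text):
    """Return the service names ComboFix prints under NETSVCS REQUIRES REPAIRS."""
    names, in_section = [], False
    for line in log_text.splitlines():
        if line.startswith("NETSVCS REQUIRES REPAIRS"):
            in_section = True
            continue
        if in_section:
            if line.strip() == ".":  # ComboFix separates sections with a lone dot
                break
            names.append(line.strip())
    return names


def find_foreign_entries(current, baseline):
    """Entries of the live NetSvcs list that are not in the known-good list."""
    known = {n.lower() for n in baseline}  # service names are case-insensitive
    return [n for n in current if n.lower() not in known]


KNOWN_GOOD = decode_hex7(CFSCRIPT_NETSVCS)

# Constructed sample of the log section: stock names with four inserted ones after Rasauto.
SAMPLE_LOG = """\
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Rasauto
sqlserveragent
AVCSTRM
websensecamreportserver
vsdatant
Rasman
BITS
wuauserv
WmdmPmSN
.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost - NetSvcs
"""

if __name__ == "__main__":
    for name in find_foreign_entries(parse_combofix_netsvcs(SAMPLE_LOG), KNOWN_GOOD):
        print("not in known-good NetSvcs:", name)
```

Run against the full section of the real log, the script would list all 171 names between Rasauto and Rasman and nothing else, which is exactly the set the helper's CFScript removes by overwriting the value. Names are compared case-insensitively because the service control manager treats them that way.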
 
I just went & checked the other folder that you told me to check & found the correct 1 (not sure what the last 1 I posted means?)

Pretty sure this is the correct one now.



2012-04-27 10:47:40 . 2012-04-27 10:47:40 1,306 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Smart Fortress 2012.reg.dat
2012-04-27 10:47:40 . 2012-04-27 10:47:40 638 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-RewardsArcade.reg.dat
2012-04-27 10:47:31 . 2012-04-27 10:47:31 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-51110031.sys.reg.dat
2012-04-27 10:47:31 . 2012-04-27 10:47:31 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-38545416.sys.reg.dat
2012-04-27 10:47:22 . 2012-04-27 10:47:22 78 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-10.reg.dat
2012-04-27 10:46:42 . 2012-04-27 10:46:42 373 ----a-w- C:\Qoobox\Quarantine\G\av1.zip
2012-04-27 10:46:42 . 2007-10-22 19:54:10 90 ----a-w- C:\Qoobox\Quarantine\G\AUTORUN.INF.vir
2012-04-27 01:30:58 . 2012-04-27 10:45:19 16,593 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-04-27 00:25:58 . 2012-04-27 10:30:04 255 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-01-02 00:41:15 . 2012-01-02 00:41:15 376,264 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\Uninstall.exe.vir
2011-11-03 17:39:18 . 2011-11-03 17:39:18 313,176 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\RewardsArcade.exe.vir
2011-11-03 17:38:44 . 2011-11-03 17:38:44 528,216 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\RewardsArcade.dll.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 36,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\appAPIinternalWrapper.js.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 16,102 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\fb.js.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 172,584 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\jquery.js.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 10,795 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\json.js.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 2,512,384 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\UserConfirmation.exe.vir
2011-07-30 11:32:26 . 2011-07-30 11:32:24 113,664 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.ilg.vir
2011-07-30 11:29:20 . 2010-03-24 21:12:42 42,280 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\PostBuild.exe.vir
2011-07-30 11:23:28 . 2011-07-30 11:32:02 36,864 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe.vir
2011-07-30 11:22:21 . 2009-05-22 09:15:42 316,712 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe.vir
2011-07-30 11:19:54 . 2010-03-24 21:12:42 42,280 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe.vir
2011-07-21 10:18:36 . 2011-07-21 10:18:36 30,264 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.vir
2011-07-21 10:18:36 . 2011-07-21 10:18:36 46,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir
2011-07-21 10:18:36 . 2011-07-21 10:18:36 218,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir
2011-06-16 19:01:01 . 2011-02-22 23:06:28 247,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET1FE.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:28 11,080,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET203.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:28 1,991,680 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET205.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 602,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET209.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 55,296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET20A.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 5,962,240 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET20B.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 1,210,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET20F.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 916,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET210.tmp.vir
2011-06-16 05:23:43 . 2011-04-25 16:11:12 602,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C8.tmp.vir
2011-06-16 05:23:43 . 2011-04-25 16:11:12 55,296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C7.tmp.vir
2011-06-16 05:23:42 . 2011-04-25 16:11:11 247,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET1D2.tmp.vir
2011-06-16 05:23:42 . 2011-04-25 16:11:12 916,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C1.tmp.vir
2011-06-16 05:23:41 . 2011-04-25 16:11:11 1,991,680 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1CC.tmp.vir
2011-06-16 05:23:41 . 2011-04-25 16:11:12 1,211,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C2.tmp.vir
2011-06-16 05:23:41 . 2011-05-30 22:19:48 5,964,800 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C6.tmp.vir
2011-05-12 22:52:39 . 2011-05-12 22:52:39 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir
2011-05-12 22:52:39 . 2003-02-20 20:42:22 348,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir
2011-05-12 22:52:39 . 2003-02-20 11:08:32 2,482,176 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir
2011-05-12 22:52:39 . 2003-02-20 11:09:18 77,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir
2011-05-12 22:52:39 . 2003-02-20 11:06:24 155,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir
2011-05-12 22:52:39 . 2003-02-20 11:06:20 282,624 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir
2011-04-26 02:11:12 . 2011-04-26 02:11:12 11,081,728 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1CE.tmp.vir
2010-11-14 12:38:53 . 2010-11-14 12:38:55 3,072 ----a-w- C:\Qoobox\Quarantine\C\Thumbs.db.vir
2009-09-04 12:37:03 . 2008-09-02 11:51:48 81,920 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\My Documents\pub1DD.tmp.vir
2009-09-04 12:36:52 . 2007-10-15 21:25:35 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\My Documents\$AP318.tmp.vir
2009-09-04 12:36:52 . 2007-10-17 21:31:19 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\My Documents\$AP3D1.tmp.vir
2008-04-14 12:00:00 . 2008-04-14 12:00:00 551,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000006_.tmp.dll.vir
2008-04-14 12:00:00 . 2008-04-14 12:00:00 62,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cdrom.sys.vir
2007-11-07 00:03:18 . 2007-11-07 00:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir
2006-10-18 13:47:20 . 2006-10-18 13:47:20 8,231,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETBE.tmp.vir
2003-02-20 21:16:08 . 2003-02-20 21:16:08 49,152 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\regtlib.exe.vir
 
Hi jacknjaspa,

You did fine. The first log you posted was the combofix log. It indicates that it was interrupted during its run. The second log is the quarantined files list. I asked for this just in case it was created and you couldn't get combofix to complete its run.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

Code:
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"NetSvcs"=-
"NetSvcs"=hex(7):36,74,6F,34,00,41,70,70,4D,67,6D,74,00,41,\
  75,64,69,6F,53,72,76,00,42,72,6F,77,73,65,72,00,43,72,79,70,74,53,76,\
  63,00,44,4D,53,65,72,76,65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,\
  76,65,6E,74,53,79,73,74,65,6D,00,46,61,73,74,55,73,65,72,53,77,69,74,\
  63,68,69,6E,67,43,6F,6D,70,61,74,69,62,69,6C,69,74,79,00,48,69,64,53,\
  65,72,76,00,49,61,73,00,49,70,72,69,70,00,49,72,6D,6F,6E,00,4C,61,6E,\
  6D,61,6E,53,65,72,76,65,72,00,4C,61,6E,6D,61,6E,57,6F,72,6B,73,74,61,\
  74,69,6F,6E,00,4D,65,73,73,65,6E,67,65,72,00,4E,65,74,6D,61,6E,00,4E,\
  6C,61,00,4E,74,6D,73,73,76,63,00,4E,57,43,57,6F,72,6B,73,74,61,74,69,\
  6F,6E,00,4E,77,73,61,70,61,67,65,6E,74,00,52,61,73,61,75,74,6F,00,52,\
  61,73,6D,61,6E,00,52,65,6D,6F,74,65,61,63,63,65,73,73,00,53,63,68,65,\
  64,75,6C,65,00,53,65,63,6C,6F,67,6F,6E,00,53,45,4E,53,00,53,68,61,72,\
  65,64,61,63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,\
  73,72,76,00,54,68,65,6D,65,73,00,54,72,6B,57,6B,73,00,57,33,32,54,69,\
  6D,65,00,57,5A,43,53,56,43,00,57,6D,69,00,57,6D,64,6D,50,6D,53,70,00,77,\
  69,6E,6D,67,6D,74,00,77,73,63,73,76,63,00,78,6D,6C,70,72,6F,76,00,6E,\
  61,70,61,67,65,6E,74,00,68,6B,6D,73,76,63,00,42,49,54,53,00,77,75,61,\
  75,73,65,72,76,00,53,68,65,6C,6C,48,57,44,65,74,65,63,74,69,6F,6E,00,68,\
  65,6C,70,73,76,63,00,57,6D,64,6D,50,6D,53,4E,00,00

Driver::
sqlserveragent
AVCSTRM
websensecamreportserver
vsdatant
zendcoreapache
epson_pm_rpcv2_02
MRESP50a64
ami0nt
UPATC
proxyhostdriver
AlKernel
Xponaut_WBD
beatjammusicstreamingserver
s616mgmt
nod32krn
btfirst
cpqdmi
symantecantibotshim
NWSNS
cachemgr
enodpl
HssTrayService
deventagent
sbcssvc
Sk99202k
useraccess
phc600
ibmpmsvc
FETNDIS
rt73
antivirservice
stllssvr
flashcomadmin
papycpu2
pilogsrv
epsonbidirectionalagent
ibmfilter
lxby_device
sit_flt
EagleNT
mfeapfk
videoacceleratorengine
rslinxng
vmparport
BoiHwsetup
usbatapi2000
igniteservice.exe
bthidenum
ltxred
p2psvc
HPFECP20
IWCA
UDFReadr
wpshelper
serialkeys
cq_mem
fcprintservice
lxcj_device
CAMFLT
MSFWHLPR
pcscnsrv
uhcd
bcm43xx
61883
GT680x
oracleorahome92tnslistener
GTF32BUS
ibmpmdrv
IntelC53
FA312
ZuneWlanCfgSvc
spcsutilityservice
tzontservice
enxpsvc
HpqKbFiltr
3dkeybd
pshost
pdlnctdl
wlluc48
KMW_USB
aksusb
wlancfg
hsf_dp
moufiltr
mks_scan
dktknsrv
aswmon2
dot4print
EIO_XP
SE2Cmdm
snapman
Si3114r5
hidgame
dirms_defragmentation
elnkservice
DM9102
pdlnemsg
dnwhodisp
NCPro
upperdev
npfmntor
aslm75
lusbaudio
bhmonitorservice
SiRemFil
whoisd32
tfsnopio
CBN
se44mgmt
opcenum
ANC
appnnode
dlaudfam
AVerBDA
bglivesvc
ASMMAP
clisvc
snac
pepifilter
dtscsi
sprtsvc_ddoctorv2
NWADI
MSCamSvc
2wirepcp
freepops
USB_RNDIS
sandboxu
BrPar
scarddrv
wmccdsls
lxdm_device
StickyMesger
cmigameport
ixiaendpoint
Machnm32
symantecantibotdriver
bridgemp
driverhardwarev2
TMHIDSRV
dsbrokerservice
DCamUSBMke
ntiopnp
NxSysMon
pdengine
besclient
iaimfp2
pmsveh
SiSRaid2
DritekPortIO
sshrmd
sonytvc
pavdrv
nim32
scsiaccess
admjoy
ofcpfwsvc
ntsyslog
netdevio
mcvsrte
pnrouter
SrvcEPIOMngr
backuplauncher
ltmodem5
sbhooksvc
iaimtv2
HSFHWICH
belgium_id_card_service
ccalib8
tversitymediaserver
winachcf
susbser

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your left mouse button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browsers/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

CFScriptB-4.gif


Please post the combofix log.

How's the computer?
 
Ok, up & about (I'm in Western Australia) & did what you told me.

Here's the log. You asked how's the computer & it seems OK but not sure what I'm looking for. Should I run an AVG scan? (FYI No AVG warnings have popped up.....yet)


ComboFix 12-04-26.01 - Cameron 28/04/2012 6:12.3.2 - x86
Running from: c:\documents and settings\Cameron\Desktop\jgh.exe
Command switches used :: c:\documents and settings\Cameron\Desktop\CFscript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_2WIREPCP
-------\Legacy_3DKEYBD
-------\Legacy_61883
-------\Legacy_ADMJOY
-------\Legacy_AKSUSB
-------\Legacy_ALKERNEL
-------\Legacy_AMI0NT
-------\Legacy_ANC
-------\Legacy_ANTIVIRSERVICE
-------\Legacy_APPNNODE
-------\Legacy_ASLM75
-------\Legacy_ASMMAP
-------\Legacy_ASWMON2
-------\Legacy_AVCSTRM
-------\Legacy_AVERBDA
-------\Legacy_BACKUPLAUNCHER
-------\Legacy_BCM43XX
-------\Legacy_BEATJAMMUSICSTREAMINGSERVER
-------\Legacy_BELGIUM_ID_CARD_SERVICE
-------\Legacy_BESCLIENT
-------\Legacy_BGLIVESVC
-------\Legacy_BHMONITORSERVICE
-------\Legacy_BOIHWSETUP
-------\Legacy_BRIDGEMP
-------\Legacy_BRPAR
-------\Legacy_BTFIRST
-------\Legacy_BTHIDENUM
-------\Legacy_CACHEMGR
-------\Legacy_CAMFLT
-------\Legacy_CBN
-------\Legacy_CCALIB8
-------\Legacy_CLISVC
-------\Legacy_CMIGAMEPORT
-------\Legacy_CPQDMI
-------\Legacy_CQ_MEM
-------\Legacy_DCAMUSBMKE
-------\Legacy_DEVENTAGENT
-------\Legacy_DIRMS_DEFRAGMENTATION
-------\Legacy_DKTKNSRV
-------\Legacy_DLAUDFAM
-------\Legacy_DM9102
-------\Legacy_DNWHODISP
-------\Legacy_DOT4PRINT
-------\Legacy_DRITEKPORTIO
-------\Legacy_DRIVERHARDWAREV2
-------\Legacy_DSBROKERSERVICE
-------\Legacy_DTSCSI
-------\Legacy_EAGLENT
-------\Legacy_EIO_XP
-------\Legacy_ELNKSERVICE
-------\Legacy_ENODPL
-------\Legacy_ENXPSVC
-------\Legacy_EPSONBIDIRECTIONALAGENT
-------\Legacy_EPSON_PM_RPCV2_02
-------\Legacy_FA312
-------\Legacy_FCPRINTSERVICE
-------\Legacy_FETNDIS
-------\Legacy_FLASHCOMADMIN
-------\Legacy_FREEPOPS
-------\Legacy_GT680X
-------\Legacy_GTF32BUS
-------\Legacy_HIDGAME
-------\Legacy_HPFECP20
-------\Legacy_HPQKBFILTR
-------\Legacy_HSFHWICH
-------\Legacy_HSF_DP
-------\Legacy_HSSTRAYSERVICE
-------\Legacy_IAIMFP2
-------\Legacy_IAIMTV2
-------\Legacy_IBMFILTER
-------\Legacy_IBMPMDRV
-------\Legacy_IBMPMSVC
-------\Legacy_IGNITESERVICE.EXE
-------\Legacy_INTELC53
-------\Legacy_IWCA
-------\Legacy_IXIAENDPOINT
-------\Legacy_KMW_USB
-------\Legacy_LTMODEM5
-------\Legacy_LTXRED
-------\Legacy_LUSBAUDIO
-------\Legacy_LXBY_DEVICE
-------\Legacy_LXCJ_DEVICE
-------\Legacy_LXDM_DEVICE
-------\Legacy_MACHNM32
-------\Legacy_MCVSRTE
-------\Legacy_MFEAPFK
-------\Legacy_MKS_SCAN
-------\Legacy_MOUFILTR
-------\Legacy_MRESP50A64
-------\Legacy_MSCAMSVC
-------\Legacy_MSFWHLPR
-------\Legacy_NCPRO
-------\Legacy_NETDEVIO
-------\Legacy_NIM32
-------\Legacy_NOD32KRN
-------\Legacy_NPFMNTOR
-------\Legacy_NTIOPNP
-------\Legacy_NTSYSLOG
-------\Legacy_NWADI
-------\Legacy_NWSNS
-------\Legacy_NXSYSMON
-------\Legacy_OFCPFWSVC
-------\Legacy_OPCENUM
-------\Legacy_ORACLEORAHOME92TNSLISTENER
-------\Legacy_P2PSVC
-------\Legacy_PAPYCPU2
-------\Legacy_PAVDRV
-------\Legacy_PCSCNSRV
-------\Legacy_PDENGINE
-------\Legacy_PDLNCTDL
-------\Legacy_PDLNEMSG
-------\Legacy_PEPIFILTER
-------\Legacy_PHC600
-------\Legacy_PILOGSRV
-------\Legacy_PMSVEH
-------\Legacy_PNROUTER
-------\Legacy_PROXYHOSTDRIVER
-------\Legacy_PSHOST
-------\Legacy_RSLINXNG
-------\Legacy_RT73
-------\Legacy_S616MGMT
-------\Legacy_SANDBOXU
-------\Legacy_SBCSSVC
-------\Legacy_SBHOOKSVC
-------\Legacy_SCARDDRV
-------\Legacy_SCSIACCESS
-------\Legacy_SE2CMDM
-------\Legacy_SE44MGMT
-------\Legacy_SERIALKEYS
-------\Legacy_SI3114R5
-------\Legacy_SIREMFIL
-------\Legacy_SISRAID2
-------\Legacy_SIT_FLT
-------\Legacy_SK99202K
-------\Legacy_SNAC
-------\Legacy_SNAPMAN
-------\Legacy_SONYTVC
-------\Legacy_SPCSUTILITYSERVICE
-------\Legacy_SPRTSVC_DDOCTORV2
-------\Legacy_SQLSERVERAGENT
-------\Legacy_SRVCEPIOMNGR
-------\Legacy_SSHRMD
-------\Legacy_STICKYMESGER
-------\Legacy_STLLSSVR
-------\Legacy_SUSBSER
-------\Legacy_SYMANTECANTIBOTDRIVER
-------\Legacy_SYMANTECANTIBOTSHIM
-------\Legacy_TFSNOPIO
-------\Legacy_TMHIDSRV
-------\Legacy_TVERSITYMEDIASERVER
-------\Legacy_TZONTSERVICE
-------\Legacy_UDFREADR
-------\Legacy_UHCD
-------\Legacy_UPATC
-------\Legacy_UPPERDEV
-------\Legacy_USBATAPI2000
-------\Legacy_USB_RNDIS
-------\Legacy_USERACCESS
-------\Legacy_VIDEOACCELERATORENGINE
-------\Legacy_VMPARPORT
-------\Legacy_VSDATANT
-------\Legacy_WEBSENSECAMREPORTSERVER
-------\Legacy_WHOISD32
-------\Legacy_WINACHCF
-------\Legacy_WLANCFG
-------\Legacy_WLLUC48
-------\Legacy_WMCCDSLS
-------\Legacy_WPSHELPER
-------\Legacy_XPONAUT_WBD
-------\Legacy_ZENDCOREAPACHE
-------\Legacy_ZUNEWLANCFGSVC
-------\Service_2wirepcp
-------\Service_3dkeybd
-------\Service_61883
-------\Service_admjoy
-------\Service_aksusb
-------\Service_AlKernel
-------\Service_ami0nt
-------\Service_ANC
-------\Service_antivirservice
-------\Service_appnnode
-------\Service_aslm75
-------\Service_ASMMAP
-------\Service_aswmon2
-------\Service_AVCSTRM
-------\Service_AVerBDA
-------\Service_backuplauncher
-------\Service_bcm43xx
-------\Service_beatjammusicstreamingserver
-------\Service_belgium_id_card_service
-------\Service_besclient
-------\Service_bglivesvc
-------\Service_bhmonitorservice
-------\Service_BoiHwsetup
-------\Service_bridgemp
-------\Service_BrPar
-------\Service_btfirst
-------\Service_bthidenum
-------\Service_cachemgr
-------\Service_CAMFLT
-------\Service_CBN
-------\Service_ccalib8
-------\Service_clisvc
-------\Service_cmigameport
-------\Service_cpqdmi
-------\Service_cq_mem
-------\Service_DCamUSBMke
-------\Service_deventagent
-------\Service_dirms_defragmentation
-------\Service_dlaudfam
-------\Service_DM9102
-------\Service_dnwhodisp
-------\Service_dot4print
-------\Service_DritekPortIO
-------\Service_driverhardwarev2
-------\Service_dsbrokerservice
-------\Service_dtscsi
-------\Service_EagleNT
-------\Service_EIO_XP
-------\Service_elnkservice
-------\Service_enodpl
-------\Service_enxpsvc
-------\Service_epson_pm_rpcv2_02
-------\Service_epsonbidirectionalagent
-------\Service_FA312
-------\Service_fcprintservice
-------\Service_FETNDIS
-------\Service_flashcomadmin
-------\Service_freepops
-------\Service_GT680x
-------\Service_GTF32BUS
-------\Service_hidgame
-------\Service_HPFECP20
-------\Service_HpqKbFiltr
-------\Service_hsf_dp
-------\Service_HSFHWICH
-------\Service_HssTrayService
-------\Service_iaimfp2
-------\Service_iaimtv2
-------\Service_ibmfilter
-------\Service_ibmpmdrv
-------\Service_ibmpmsvc
-------\Service_igniteservice.exe
-------\Service_IntelC53
-------\Service_IWCA
-------\Service_ixiaendpoint
-------\Service_KMW_USB
-------\Service_ltmodem5
-------\Service_ltxred
-------\Service_lusbaudio
-------\Service_lxby_device
-------\Service_lxcj_device
-------\Service_lxdm_device
-------\Service_Machnm32
-------\Service_mcvsrte
-------\Service_mfeapfk
-------\Service_mks_scan
-------\Service_moufiltr
-------\Service_MRESP50a64
-------\Service_MSCamSvc
-------\Service_MSFWHLPR
-------\Service_NCPro
-------\Service_netdevio
-------\Service_nim32
-------\Service_nod32krn
-------\Service_npfmntor
-------\Service_ntiopnp
-------\Service_ntsyslog
-------\Service_NWADI
-------\Service_NWSNS
-------\Service_NxSysMon
-------\Service_ofcpfwsvc
-------\Service_opcenum
-------\Service_oracleorahome92tnslistener
-------\Service_p2psvc
-------\Service_papycpu2
-------\Service_pavdrv
-------\Service_pcscnsrv
-------\Service_pdengine
-------\Service_pdlnctdl
-------\Service_pdlnemsg
-------\Service_pepifilter
-------\Service_phc600
-------\Service_pilogsrv
-------\Service_pmsveh
-------\Service_pnrouter
-------\Service_proxyhostdriver
-------\Service_pshost
-------\Service_rslinxng
-------\Service_rt73
-------\Service_s616mgmt
-------\Service_sandboxu
-------\Service_sbcssvc
-------\Service_sbhooksvc
-------\Service_scarddrv
-------\Service_scsiaccess
-------\Service_SE2Cmdm
-------\Service_se44mgmt
-------\Service_serialkeys
-------\Service_Si3114r5
-------\Service_SiRemFil
-------\Service_SiSRaid2
-------\Service_sit_flt
-------\Service_Sk99202k
-------\Service_snac
-------\Service_snapman
-------\Service_sonytvc
-------\Service_spcsutilityservice
-------\Service_sprtsvc_ddoctorv2
-------\Service_sqlserveragent
-------\Service_SrvcEPIOMngr
-------\Service_sshrmd
-------\Service_StickyMesger
-------\Service_stllssvr
-------\Service_susbser
-------\Service_symantecantibotdriver
-------\Service_symantecantibotshim
-------\Service_tfsnopio
-------\Service_TMHIDSRV
-------\Service_tversitymediaserver
-------\Service_tzontservice
-------\Service_UDFReadr
-------\Service_uhcd
-------\Service_UPATC
-------\Service_upperdev
-------\Service_USB_RNDIS
-------\Service_usbatapi2000
-------\Service_useraccess
-------\Service_videoacceleratorengine
-------\Service_vmparport
-------\Service_vsdatant
-------\Service_websensecamreportserver
-------\Service_whoisd32
-------\Service_winachcf
-------\Service_wlancfg
-------\Service_wlluc48
-------\Service_wmccdsls
-------\Service_wpshelper
-------\Service_Xponaut_WBD
-------\Service_zendcoreapache
-------\Service_ZuneWlanCfgSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-26 13:57 . 2012-04-26 13:57 -------- d-----w- C:\_OTL
2012-04-26 13:57 . 2011-07-10 17:14 295248 -c--a-w- c:\windows\system32\dllcache\avgtdix.sys
2012-04-25 13:18 . 2012-04-25 22:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 05:19 . 2012-04-24 05:20 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\NPE
2012-04-24 05:19 . 2012-04-24 05:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\COMODO
2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\Cameron\Application Data\Comodo
2012-04-23 17:39 . 2012-04-23 17:39 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
2012-04-23 00:07 . 2012-04-24 07:35 -------- d-----w- c:\documents and settings\Cameron\Application Data\Uqycux
2012-04-23 00:07 . 2012-04-23 00:07 -------- d-----w- c:\documents and settings\Cameron\Application Data\Rofeen
2012-04-22 15:48 . 2012-04-22 15:48 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\Identities
2012-04-22 15:47 . 2012-04-24 05:12 -------- d-----w- c:\documents and settings\Cameron\Application Data\Ydod
2012-04-22 15:47 . 2012-04-23 00:28 -------- d-----w- c:\documents and settings\Cameron\Application Data\Ypaxad
2012-04-20 00:23 . 2012-04-20 00:38 -------- d-----w- C:\sh4ldr
2012-04-20 00:23 . 2012-04-20 00:23 -------- d-----w- c:\program files\Enigma Software Group
2012-04-20 00:21 . 2012-04-20 00:38 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-20 00:21 . 2012-04-20 00:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-04-19 23:48 . 2012-04-24 07:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\F4D55F2C000BBBB74E027CC6D151FC4E
2012-04-17 00:41 . 2012-04-17 00:41 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonIJFAX
2012-04-17 00:40 . 2010-09-13 06:44 106496 ----a-w- c:\windows\system32\CNC410U.dll
2012-04-17 00:40 . 2010-09-13 06:42 1347584 ----a-w- c:\windows\system32\CNC410C.dll
2012-04-17 00:40 . 2010-09-13 06:42 114688 ----a-w- c:\windows\system32\CNC410I.dll
2012-04-17 00:40 . 2010-09-06 09:03 315392 ----a-w- c:\windows\system32\CNC410L.dll
2012-04-17 00:36 . 2012-04-19 02:05 -------- d-----w- c:\documents and settings\Cameron\Application Data\Canon Easy-WebPrint EX
2012-04-17 00:32 . 2010-10-20 21:00 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
2012-04-17 00:32 . 2012-04-17 00:32 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonBJ
2012-04-17 00:31 . 2010-09-19 21:00 74752 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAL.DLL
2012-04-17 00:31 . 2010-09-19 21:00 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
2012-04-17 00:31 . 2010-09-19 21:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAL.DLL
2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-04-17 00:31 . 2010-06-03 06:11 94208 ----a-w- c:\windows\system32\CNC410O.dll
2012-04-17 00:31 . 2010-09-07 01:58 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\program files\CanonBJ
2012-04-07 08:55 . 2012-04-07 08:55 -------- d-----w- C:\found.000
2012-04-07 07:42 . 2012-04-07 07:45 -------- d-----w- C:\big w prints
2012-04-07 07:07 . 2012-04-19 02:23 -------- d-----w- C:\Vuze
2012-04-07 06:48 . 2012-04-07 06:57 -------- d-----w- C:\To Transfer
2012-04-06 00:19 . 2012-04-14 15:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 03:09 . 2012-04-01 03:09 -------- d-----r- C:\g on Home PC (B03f21ae66bf49c)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 14:10 . 2011-04-04 16:59 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-04-25 13:22 . 2008-04-14 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-04-25 13:22 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-14 15:02 . 2011-06-17 23:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-15 03:01 . 2011-12-15 14:13 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:01 . 2011-12-15 14:13 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 03:02 . 2012-02-07 03:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ------w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-27_10.46.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-27 22:30 . 2012-04-27 22:30 16384 c:\windows\Temp\Perflib_Perfdata_8f8.dat
+ 2012-04-27 22:30 . 2009-10-06 17:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-06 222504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Cameron\Start Menu\Programs\Startup\
My Program.lnk - c:\program files\FingerPrint\FingerPrint.exe [2012-2-15 924728]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-9-15 1503232]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\FingerPrint\\FingerPrintService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\Plex Media Server.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\PlexScriptHost.exe"=
"c:\\Program Files\\Plex\\Plex Media Center\\Plex.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 8:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [23/06/2009 5:40 PM 127352]
R2 FingerPrint;FingerPrint Service;c:\program files\FingerPrint\FingerPrintService.exe -start --> c:\program files\FingerPrint\FingerPrintService.exe -start [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/04/2012 8:19 AM 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/05/2011 7:04 AM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [15/12/2011 10:13 PM 18432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/05/2008 4:06 PM 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:02]
.
2012-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-28 06:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\05\03\0b\0a;9»"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(6040)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FingerPrint\FingerPrintService.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2012-04-28 06:34:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-27 22:34
ComboFix2.txt 2012-04-27 10:48
.
Pre-Run: 41,058,344,960 bytes free
Post-Run: 40,950,337,536 bytes free
.
- - End Of File - - FD992461C2628152305169762D3AC99F
 
Hi jacknjaspa,

Please don't run an AVG scan. Antivirus programs have a habit of detecting and removing parts of the tools we use.

What is AVG detecting and what is the filename and path?

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

Code:
Folder::
c:\documents and settings\Cameron\Application Data\Uqycux
c:\documents and settings\Cameron\Application Data\Rofeen
c:\documents and settings\Cameron\Application Data\Ydod
c:\documents and settings\Cameron\Application Data\Ypaxad

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your left mouse button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browsers/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

CFScriptB-4.gif


Next

Download and save to your desktop Malwarebytes Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please post back with
  • combofix log
  • MBAM log
 
Ok I'm not running AVG, when I disabled it earlier it does it for 15 mins so I'm assuming it just starts again (not sure?)

These are the warnings that popped up;
File name C:\windows\system32\VBUS.dll
Threat name idp.trojan.1C8D1A13

File name C:\windows\system32\snapman380.dll
Threat name idp.trojan.1C8D1A13

File name C:\windows\system32\setupnt.dll
Threat name idp.trojan.1C8D1A13

I'll do what you said again & post. (Please let me know if I've missed something again or if I should maybe try to turn off or delete AVG for good?)
 
Hi jacknjaspa,

Please continue with the rest of the instructions. Disabling AVG for the 15 minutes should be ok. It will restart on its own.
 
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DM9102.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DLAUDFAM.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 806 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DKTKNSRV.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,166 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DIRMS_DEFRAGMENTATION.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,064 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DEVENTAGENT.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,048 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DCAMUSBMKE.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,016 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CQ_MEM.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CPQDMI.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,068 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CMIGAMEPORT.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CLISVC.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CCALIB8.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 990 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CBN.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,014 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CAMFLT.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CACHEMGR.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,044 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BTHIDENUM.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,044 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BTFIRST.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,014 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BRPAR.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BRIDGEMP.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,050 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BOIHWSETUP.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,120 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BHMONITORSERVICE.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,068 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BGLIVESVC.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,042 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BESCLIENT.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,216 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BELGIUM_ID_CARD_SERVICE.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,220 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BEATJAMMUSICSTREAMINGSERVER.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BCM43XX.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,098 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BACKUPLAUNCHER.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,024 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_AVERBDA.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_AVCSTRM.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,016 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ASMMAP.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,028 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ASWMON2.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,016 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ASLM75.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,034 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_APPNNODE.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,098 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ANTIVIRSERVICE.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 988 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ANC.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,016 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_AMI0NT.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,042 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ALKERNEL.reg.dat
2012-04-27 22:26:36 . 2012-04-27 22:26:36 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_AKSUSB.reg.dat
2012-04-27 22:26:36 . 2012-04-27 22:26:36 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ADMJOY.reg.dat
2012-04-27 22:26:36 . 2012-04-27 22:26:36 1,008 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_61883.reg.dat
2012-04-27 22:26:36 . 2012-04-27 22:26:36 1,020 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_3DKEYBD.reg.dat
2012-04-27 22:26:36 . 2012-04-27 22:26:36 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_2WIREPCP.reg.dat
2012-04-27 22:12:27 . 2012-04-28 01:02:54 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-04-27 10:47:40 . 2012-04-27 10:47:40 1,306 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Smart Fortress 2012.reg.dat
2012-04-27 10:47:40 . 2012-04-27 10:47:40 638 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-RewardsArcade.reg.dat
2012-04-27 10:47:31 . 2012-04-27 10:47:31 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-51110031.sys.reg.dat
2012-04-27 10:47:31 . 2012-04-27 10:47:31 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-38545416.sys.reg.dat
2012-04-27 10:47:22 . 2012-04-27 10:47:22 78 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-10.reg.dat
2012-04-27 10:46:42 . 2012-04-27 10:46:42 373 ----a-w- C:\Qoobox\Quarantine\G\av1.zip
2012-04-27 10:46:42 . 2007-10-22 19:54:10 90 ----a-w- C:\Qoobox\Quarantine\G\AUTORUN.INF.vir
2012-04-27 01:30:58 . 2012-04-28 01:17:02 16,497 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-04-27 00:25:58 . 2012-04-28 01:01:33 459 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-04-23 06:07:24 . 2012-04-23 06:07:24 734 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\Application Data\Ypaxad\dowii.xet.vir
2012-04-23 00:27:56 . 2012-04-23 00:27:56 745 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\Application Data\Ypaxad\dowii.tmp.vir
2012-02-26 00:53:08 . 2012-04-23 06:07:24 1,062 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\Application Data\Rofeen\koec.unf.vir
2012-01-02 00:41:15 . 2012-01-02 00:41:15 376,264 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\Uninstall.exe.vir
2011-11-03 17:39:18 . 2011-11-03 17:39:18 313,176 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\RewardsArcade.exe.vir
2011-11-03 17:38:44 . 2011-11-03 17:38:44 528,216 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\RewardsArcade.dll.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 36,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\appAPIinternalWrapper.js.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 16,102 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\fb.js.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 172,584 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\jquery.js.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 10,795 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\json.js.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 2,512,384 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\UserConfirmation.exe.vir
2011-07-30 11:32:26 . 2011-07-30 11:32:24 113,664 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.ilg.vir
2011-07-30 11:29:20 . 2010-03-24 21:12:42 42,280 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\PostBuild.exe.vir
2011-07-30 11:23:28 . 2011-07-30 11:32:02 36,864 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe.vir
2011-07-30 11:22:21 . 2009-05-22 09:15:42 316,712 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe.vir
2011-07-30 11:19:54 . 2010-03-24 21:12:42 42,280 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe.vir
2011-07-21 10:18:36 . 2011-07-21 10:18:36 30,264 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.vir
2011-07-21 10:18:36 . 2011-07-21 10:18:36 46,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir
2011-07-21 10:18:36 . 2011-07-21 10:18:36 218,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir
2011-06-16 19:01:01 . 2011-02-22 23:06:28 247,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET1FE.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:28 11,080,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET203.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:28 1,991,680 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET205.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 602,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET209.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 55,296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET20A.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 5,962,240 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET20B.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 1,210,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET20F.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 916,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET210.tmp.vir
2011-06-16 05:23:43 . 2011-04-25 16:11:12 602,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C8.tmp.vir
2011-06-16 05:23:43 . 2011-04-25 16:11:12 55,296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C7.tmp.vir
2011-06-16 05:23:42 . 2011-04-25 16:11:11 247,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET1D2.tmp.vir
2011-06-16 05:23:42 . 2011-04-25 16:11:12 916,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C1.tmp.vir
2011-06-16 05:23:41 . 2011-04-25 16:11:11 1,991,680 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1CC.tmp.vir
2011-06-16 05:23:41 . 2011-04-25 16:11:12 1,211,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C2.tmp.vir
2011-06-16 05:23:41 . 2011-05-30 22:19:48 5,964,800 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C6.tmp.vir
2011-05-12 22:52:39 . 2011-05-12 22:52:39 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir
2011-05-12 22:52:39 . 2003-02-20 20:42:22 348,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir
2011-05-12 22:52:39 . 2003-02-20 11:08:32 2,482,176 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir
2011-05-12 22:52:39 . 2003-02-20 11:09:18 77,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir
2011-05-12 22:52:39 . 2003-02-20 11:06:24 155,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir
2011-05-12 22:52:39 . 2003-02-20 11:06:20 282,624 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir
2011-04-26 02:11:12 . 2011-04-26 02:11:12 11,081,728 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1CE.tmp.vir
2010-11-14 12:38:53 . 2010-11-14 12:38:55 3,072 ----a-w- C:\Qoobox\Quarantine\C\Thumbs.db.vir
2009-09-04 12:37:03 . 2008-09-02 11:51:48 81,920 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\My Documents\pub1DD.tmp.vir
2009-09-04 12:36:52 . 2007-10-15 21:25:35 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\My Documents\$AP318.tmp.vir
2009-09-04 12:36:52 . 2007-10-17 21:31:19 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\My Documents\$AP3D1.tmp.vir
2008-04-14 12:00:00 . 2008-04-14 12:00:00 551,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000006_.tmp.dll.vir
2008-04-14 12:00:00 . 2008-04-14 12:00:00 62,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cdrom.sys.vir
2007-11-07 00:03:18 . 2007-11-07 00:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir
2006-10-18 13:47:20 . 2006-10-18 13:47:20 8,231,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETBE.tmp.vir
2003-02-20 21:16:08 . 2003-02-20 21:16:08 49,152 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\regtlib.exe.vir
 
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.27.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Cameron :: B03F21AE66BF49C [administrator]

28/04/2012 9:38:35 AM
mbam-log-2012-04-28 (09-38-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 316841
Time elapsed: 25 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 14
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Files Detected: 57
C:\Documents and Settings\Cameron\Application Data\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Desktop\SoftonicDownloader_for_erunt.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron.old\Local Settings\Temp\i4b472809738689536405.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron.old\Local Settings\Temp\i4b1979056293502111196.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron.old\Local Settings\Temp\khy8gcqy.tmp\installer_toggle_english.exe (PUP.SmsPay.pns) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron.old\Application Data\02000000ac7f4ed1579C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron.old\Application Data\02000000ac7f4ed1579O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron.old\Application Data\02000000ac7f4ed1579P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron.old\Application Data\02000000ac7f4ed1579S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.

(end)
 
Hi jacknjaspa,

The MBAM log looks good. The log you posted was the quarantine log. The log I need is the ComboFix log. You can find it on the C:\ drive; it is named combofix.txt
 
ComboFix 12-04-26.01 - Cameron 28/04/2012 9:02.4.2 - x86
Running from: c:\documents and settings\Cameron\Desktop\jgh.exe
Command switches used :: c:\documents and settings\Cameron\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Cameron\Application Data\Rofeen
c:\documents and settings\Cameron\Application Data\Rofeen\koec.unf
c:\documents and settings\Cameron\Application Data\Uqycux
c:\documents and settings\Cameron\Application Data\Ydod
c:\documents and settings\Cameron\Application Data\Ypaxad
c:\documents and settings\Cameron\Application Data\Ypaxad\dowii.tmp
c:\documents and settings\Cameron\Application Data\Ypaxad\dowii.xet
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-27 22:05 . 2012-04-27 22:34 -------- d-----w- C:\jgh
2012-04-26 13:57 . 2012-04-26 13:57 -------- d-----w- C:\_OTL
2012-04-26 13:57 . 2011-07-10 17:14 295248 -c--a-w- c:\windows\system32\dllcache\avgtdix.sys
2012-04-25 13:18 . 2012-04-25 22:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 05:19 . 2012-04-24 05:20 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\NPE
2012-04-24 05:19 . 2012-04-24 05:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\COMODO
2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\Cameron\Application Data\Comodo
2012-04-23 17:39 . 2012-04-23 17:39 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
2012-04-22 15:48 . 2012-04-22 15:48 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\Identities
2012-04-20 00:23 . 2012-04-20 00:38 -------- d-----w- C:\sh4ldr
2012-04-20 00:23 . 2012-04-20 00:23 -------- d-----w- c:\program files\Enigma Software Group
2012-04-20 00:21 . 2012-04-20 00:38 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-20 00:21 . 2012-04-20 00:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-04-19 23:48 . 2012-04-24 07:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\F4D55F2C000BBBB74E027CC6D151FC4E
2012-04-17 00:41 . 2012-04-17 00:41 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonIJFAX
2012-04-17 00:40 . 2010-09-13 06:44 106496 ----a-w- c:\windows\system32\CNC410U.dll
2012-04-17 00:40 . 2010-09-13 06:42 1347584 ----a-w- c:\windows\system32\CNC410C.dll
2012-04-17 00:40 . 2010-09-13 06:42 114688 ----a-w- c:\windows\system32\CNC410I.dll
2012-04-17 00:40 . 2010-09-06 09:03 315392 ----a-w- c:\windows\system32\CNC410L.dll
2012-04-17 00:36 . 2012-04-19 02:05 -------- d-----w- c:\documents and settings\Cameron\Application Data\Canon Easy-WebPrint EX
2012-04-17 00:32 . 2010-10-20 21:00 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
2012-04-17 00:32 . 2012-04-17 00:32 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonBJ
2012-04-17 00:31 . 2010-09-19 21:00 74752 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAL.DLL
2012-04-17 00:31 . 2010-09-19 21:00 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
2012-04-17 00:31 . 2010-09-19 21:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAL.DLL
2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-04-17 00:31 . 2010-06-03 06:11 94208 ----a-w- c:\windows\system32\CNC410O.dll
2012-04-17 00:31 . 2010-09-07 01:58 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\program files\CanonBJ
2012-04-07 08:55 . 2012-04-07 08:55 -------- d-----w- C:\found.000
2012-04-07 07:42 . 2012-04-07 07:45 -------- d-----w- C:\big w prints
2012-04-07 07:07 . 2012-04-27 23:43 -------- d-----w- C:\Vuze
2012-04-07 06:48 . 2012-04-07 06:57 -------- d-----w- C:\To Transfer
2012-04-06 00:19 . 2012-04-14 15:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 03:09 . 2012-04-01 03:09 -------- d-----r- C:\g on Home PC (B03f21ae66bf49c)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 14:10 . 2011-04-04 16:59 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-04-25 13:22 . 2008-04-14 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-04-25 13:22 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-14 15:02 . 2011-06-17 23:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-15 03:01 . 2011-12-15 14:13 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:01 . 2011-12-15 14:13 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 03:02 . 2012-02-07 03:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ------w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-27_10.46.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-28 01:01 . 2012-04-28 01:01 16384 c:\windows\Temp\Perflib_Perfdata_550.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-06 222504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Cameron\Start Menu\Programs\Startup\
My Program.lnk - c:\program files\FingerPrint\FingerPrint.exe [2012-2-15 924728]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-9-15 1503232]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\FingerPrint\\FingerPrintService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\Plex Media Server.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\PlexScriptHost.exe"=
"c:\\Program Files\\Plex\\Plex Media Center\\Plex.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 8:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [23/06/2009 5:40 PM 127352]
R2 FingerPrint;FingerPrint Service;c:\program files\FingerPrint\FingerPrintService.exe -start --> c:\program files\FingerPrint\FingerPrintService.exe -start [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/04/2012 8:19 AM 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/05/2011 7:04 AM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [15/12/2011 10:13 PM 18432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/05/2008 4:06 PM 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:02]
.
2012-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-28 09:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\05\03\0b\0a;9»"
.
Completion time: 2012-04-28 09:19:41
ComboFix-quarantined-files.txt 2012-04-28 01:19
ComboFix2.txt 2012-04-27 22:34
ComboFix3.txt 2012-04-27 10:48
.
Pre-Run: 40,304,840,704 bytes free
Post-Run: 40,337,424,384 bytes free
.
- - End Of File - - 564515F3D5A51A4F672DC22717D35676
 
Hi jacknjaspa,


Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click Run
  • In the Run box type notepad
  • Click OK
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE.

Code:
File::
C:\windows\system32\us30service.dll   
C:\windows\system32\msgame.dll   
C:\windows\system32\irbus.dll   
C:\windows\system32\PSDNServ.dll   
C:\windows\system32\adobeversioncue.dll   
C:\windows\system32\pid_0928.dll   
C:\windows\system32\fetnd5bv.dll   
C:\windows\system32\Machnm32.dll   
C:\windows\system32\TeamViewer.dll   
C:\windows\system32\DCamUSBSQTECH.dll   
C:\windows\system32\WinVd32.dll   
C:\windows\system32\sthda.dll   
C:\windows\system32\mrpostman.dll   
C:\windows\system32\asp.net_2.0.50727.dll   
C:\windows\system32\tsircsrv.dll   
C:\windows\system32\wusb54gv2svc.dll   
C:\windows\system32\rpclocator.dll   
C:\windows\system32\nvmd.dll   
C:\windows\system32\AdfuUd.dll   
C:\windows\system32\nvgts.dll   
C:\windows\system32\pctavsvc.dll   
C:\windows\system32\cccredmgr.dll   
C:\windows\system32\EagleNT.dll   
C:\windows\system32\ndasbus.dll   
C:\windows\system32\hdaudbus.dll
C:\windows\system32\sentinelprotectionserver.dll   
C:\windows\system32\yats32.dll   
C:\windows\system32\LMIRfsClientNP.dll   
C:\windows\system32\DgiVecp.dll   
C:\windows\system32\ccevtmgr.dll   
C:\windows\system32\bt.dll   
C:\windows\system32\hap17v2k.dll   
C:\windows\system32\AdobeActiveFileMonitor6.0.dll   
C:\windows\system32\clipsrv.dll   
C:\windows\system32\z800mdm.dll   
C:\windows\system32\BrScnUsb.dll   
C:\windows\system32\sr_service.dll   
C:\windows\system32\clnt_clientman.dll   
C:\windows\system32\s125mdm.dll   
C:\windows\system32\W55U01.dll   
C:\windows\system32\psdvdisk.dll   
C:\windows\system32\qbposdbservices.dll   
C:\windows\system32\NWUSBModem.dll   
C:\windows\system32\CDRPDACC.dll   
C:\windows\system32\U81xmgmt.dll   
C:\windows\system32\Spsmqvsm.dll   
C:\windows\system32\lanmanserver.dll   
C:\windows\system32\ARCSOFTVIRTUALCAPTURE.dll   
C:\windows\system32\tga.dll
C:\windows\system32\NWDHCP.dll   
C:\windows\system32\pfmodnt.dll   
C:\windows\system32\viaudio.dll   
C:\windows\system32\ATMsrvc.dll   
C:\windows\system32\ksthunk.dll   
C:\windows\system32\bthusb.dll   
C:\windows\system32\fsRamDsk.dll   
C:\windows\system32\navapel.dll   
C:\windows\system32\bt3cusb.dll   
C:\windows\system32\p2pimsvc.dll   
C:\windows\system32\MREMP50a64.dll   
C:\windows\system32\oracle%oracle_home_service%clientcache80.dll   
C:\windows\system32\websenselogserver.dll   
C:\windows\system32\snareiis.dll   
C:\windows\system32\SNP2STD.dll   
C:\windows\system32\SetupNT.dll   
C:\windows\system32\dnetc.dll   
C:\windows\system32\RioS30.dll   
C:\windows\system32\lxdm_device.dll   
C:\windows\system32\cpsvc.dll   
C:\windows\system32\iAimTV5.dll   
C:\windows\system32\Wbutton.dll   
C:\windows\system32\atitool.dll   
C:\windows\system32\bvrp_pci.dll
C:\windows\system32\AmdLLD.dll   
C:\windows\system32\CoolerXPDriver.dll   
C:\windows\system32\adpu320.dll   
C:\windows\system32\asusgsb.dll   
C:\windows\system32\NWSNS.dll   
C:\windows\system32\RR2Ctrl.dll   
C:\windows\system32\ikhlayer.dll   
C:\windows\system32\processor.dll   
C:\windows\system32\2wirepcp.dll   
C:\windows\system32\intelppm.dll   
C:\windows\system32\vsbus.dll   
C:\windows\system32\backupexecnamingservice.dll   
C:\windows\system32\aswrdr.dll   
C:\windows\system32\NSSvcMgr.dll   
C:\windows\system32\RTLE8023xp.dll   
C:\windows\system32\Xyz777s.dll   
C:\windows\system32\USB_NDIS_51.dll   
C:\windows\system32\amfilter.dll   
C:\windows\system32\WUSB54Gv4SVC.dll   
C:\windows\system32\bwcsrv.dll   
C:\windows\system32\ultra.dll   
C:\windows\system32\lwwlicenseservice.dll   
C:\windows\system32\SiSRaid.dll  
C:\windows\system32\idsvc.dll   
C:\windows\system32\NuidFltr.dll   
C:\windows\system32\NtMtlFax.dll   
C:\windows\system32\wencrservice.dll   
C:\windows\system32\ireike.dll   
c:\windows\system32\sffdisk.dll   
C:\windows\system32\i8042prt.dll   
C:\windows\system32\msgame.dll   
C:\windows\system32\rt61.dll   
C:\windows\system32\spbbcsvc.dll   
C:\windows\system32\stirusb.dll   
C:\windows\system32\RivaTuner32.dll   
C:\windows\system32\btserial.dll   
C:\windows\system32\snapman380.dll   
C:\windows\system32\lmimirr.dll   
C:\windows\system32\TPECioCtl.dll   
C:\windows\system32\UWProSys.dll   
C:\windows\system32\avcgbfl.dll   
C:\windows\system32\dns4meclient.dll   
C:\windows\system32\sysaidagent.dll   
C:\windows\system32\service.dll   
C:\windows\system32\CoachUsb.dll   
C:\windows\system32\pdlnshay.dll   
C:\windows\system32\ghostsec.dll
C:\windows\system32\DSI_SiUSBXp_3_1.dll   
C:\windows\system32\smapint.dll   
C:\windows\system32\db2governor.dll   
C:\windows\system32\AppnApi.dll
C:\windows\system32\ICAM5USB.dll   
C:\windows\system32\om518p.dll   
C:\windows\system32\protexislicensing.dll   
C:\windows\system32\se59mgmt.dll   
C:\windows\system32\ql12160.dll   
C:\windows\system32\odysseyIM4.dll   
C:\windows\system32\dlcc_device.dll   
C:\windows\system32\DSXUSB.dll   
C:\windows\system32\ctxcpubal.dll   
C:\windows\system32\ipodsrv.dll   
C:\windows\system32\NTIDrvr.dll   
C:\windows\system32\msk80service.dll   
C:\windows\system32\WinFl32.dll   
C:\windows\system32\Sunkfiltp.dll   
C:\windows\system32\lpx.dll   
C:\windows\system32\pdlnafac.dll   
C:\windows\system32\x10nets.dll   
C:\windows\system32\nvrd64.dll   
C:\windows\system32\rdpdr.dll   
C:\windows\system32\nvata.dll 
C:\windows\system32\retroexplauncher.dll   
C:\windows\system32\twotrack.dll   
C:\windows\system32\VC6SecS.dll   
C:\windows\system32\aswrdr.dll   
C:\windows\system32\nvedavt.dll   
C:\windows\system32\LHidUsbK.dll   
C:\windows\system32\statusagent4.dll   
C:\windows\system32\SMNDIS5.dll
C:\windows\system32\edspport.dll   
C:\windows\system32\wlancig.dll   
C:\windows\system32\pdcomp.dll   
C:\windows\system32\uagp35.dll   
C:\windows\system32\rspndr.dll   
C:\windows\system32\UNDPX2A.dll   
C:\windows\system32\traprcvr.dll   
C:\windows\system32\TPPWRIF.dll   
C:\windows\system32\rimsptsk.dll   
C:\windows\system32\pdiddcci.dll   
C:\windows\system32\slabser.dll   
C:\windows\system32\ppa3.dll   
C:\windows\system32\messenger.dll   
C:\windows\system32\rksample.dll   
C:\windows\system32\roxliveshare9.dll   
C:\windows\system32\Defrag32.dll   
C:\windows\system32\prismxl.dll   
C:\windows\system32\wfxsvc.dll

In Notepad:
  • Click File, Save as..., and set "Save in" to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click Save
Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browsers/windows first.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

[Image: CFScriptB-4.gif]


Please post the combofix log.

How's the computer?

Any more AVG detections?
 
ComboFix 12-04-26.01 - Cameron 29/04/2012 8:52.6.2 - x86
Running from: c:\documents and settings\Cameron\Desktop\jgh.exe
Command switches used :: c:\documents and settings\Cameron\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\2wirepcp.dll"
"c:\windows\system32\AdfuUd.dll"
"c:\windows\system32\AdobeActiveFileMonitor6.0.dll"
"c:\windows\system32\adobeversioncue.dll"
"c:\windows\system32\adpu320.dll"
"c:\windows\system32\AmdLLD.dll"
"c:\windows\system32\amfilter.dll"
"c:\windows\system32\AppnApi.dll"
"c:\windows\system32\ARCSOFTVIRTUALCAPTURE.dll"
"c:\windows\system32\asp.net_2.0.50727.dll"
"c:\windows\system32\asusgsb.dll"
"c:\windows\system32\aswrdr.dll"
"c:\windows\system32\atitool.dll"
"c:\windows\system32\ATMsrvc.dll"
"c:\windows\system32\avcgbfl.dll"
"c:\windows\system32\backupexecnamingservice.dll"
"c:\windows\system32\BrScnUsb.dll"
"c:\windows\system32\bt.dll"
"c:\windows\system32\bt3cusb.dll"
"c:\windows\system32\bthusb.dll"
"c:\windows\system32\btserial.dll"
"c:\windows\system32\bvrp_pci.dll"
"c:\windows\system32\bwcsrv.dll"
"c:\windows\system32\cccredmgr.dll"
"c:\windows\system32\ccevtmgr.dll"
"c:\windows\system32\CDRPDACC.dll"
"c:\windows\system32\clipsrv.dll"
"c:\windows\system32\clnt_clientman.dll"
"c:\windows\system32\CoachUsb.dll"
"c:\windows\system32\CoolerXPDriver.dll"
"c:\windows\system32\cpsvc.dll"
"c:\windows\system32\ctxcpubal.dll"
"c:\windows\system32\db2governor.dll"
"c:\windows\system32\DCamUSBSQTECH.dll"
"c:\windows\system32\Defrag32.dll"
"c:\windows\system32\DgiVecp.dll"
"c:\windows\system32\dlcc_device.dll"
"c:\windows\system32\dnetc.dll"
"c:\windows\system32\dns4meclient.dll"
"c:\windows\system32\DSI_SiUSBXp_3_1.dll"
"c:\windows\system32\DSXUSB.dll"
"c:\windows\system32\EagleNT.dll"
"c:\windows\system32\edspport.dll"
"c:\windows\system32\fetnd5bv.dll"
"c:\windows\system32\fsRamDsk.dll"
"c:\windows\system32\ghostsec.dll"
"c:\windows\system32\hap17v2k.dll"
"c:\windows\system32\hdaudbus.dll"
"c:\windows\system32\i8042prt.dll"
"c:\windows\system32\iAimTV5.dll"
"c:\windows\system32\ICAM5USB.dll"
"c:\windows\system32\idsvc.dll"
"c:\windows\system32\ikhlayer.dll"
"c:\windows\system32\intelppm.dll"
"c:\windows\system32\ipodsrv.dll"
"c:\windows\system32\irbus.dll"
"c:\windows\system32\ireike.dll"
"c:\windows\system32\ksthunk.dll"
"c:\windows\system32\lanmanserver.dll"
"c:\windows\system32\LHidUsbK.dll"
"c:\windows\system32\lmimirr.dll"
"c:\windows\system32\LMIRfsClientNP.dll"
"c:\windows\system32\lpx.dll"
"c:\windows\system32\lwwlicenseservice.dll"
"c:\windows\system32\lxdm_device.dll"
"c:\windows\system32\Machnm32.dll"
"c:\windows\system32\messenger.dll"
"c:\windows\system32\MREMP50a64.dll"
"c:\windows\system32\mrpostman.dll"
"c:\windows\system32\msgame.dll"
"c:\windows\system32\msk80service.dll"
"c:\windows\system32\navapel.dll"
"c:\windows\system32\ndasbus.dll"
"c:\windows\system32\NSSvcMgr.dll"
"c:\windows\system32\NTIDrvr.dll"
"c:\windows\system32\NtMtlFax.dll"
"c:\windows\system32\NuidFltr.dll"
"c:\windows\system32\nvata.dll"
"c:\windows\system32\nvedavt.dll"
"c:\windows\system32\nvgts.dll"
"c:\windows\system32\nvmd.dll"
"c:\windows\system32\nvrd64.dll"
"c:\windows\system32\NWDHCP.dll"
"c:\windows\system32\NWSNS.dll"
"c:\windows\system32\NWUSBModem.dll"
"c:\windows\system32\odysseyIM4.dll"
"c:\windows\system32\om518p.dll"
"c:\windows\system32\oracle%oracle_home_service%clientcache80.dll"
"c:\windows\system32\p2pimsvc.dll"
"c:\windows\system32\pctavsvc.dll"
"c:\windows\system32\pdcomp.dll"
"c:\windows\system32\pdiddcci.dll"
"c:\windows\system32\pdlnafac.dll"
"c:\windows\system32\pdlnshay.dll"
"c:\windows\system32\pfmodnt.dll"
"c:\windows\system32\pid_0928.dll"
"c:\windows\system32\ppa3.dll"
"c:\windows\system32\prismxl.dll"
"c:\windows\system32\processor.dll"
"c:\windows\system32\protexislicensing.dll"
"c:\windows\system32\PSDNServ.dll"
"c:\windows\system32\psdvdisk.dll"
"c:\windows\system32\qbposdbservices.dll"
"c:\windows\system32\ql12160.dll"
"c:\windows\system32\rdpdr.dll"
"c:\windows\system32\retroexplauncher.dll"
"c:\windows\system32\rimsptsk.dll"
"c:\windows\system32\RioS30.dll"
"c:\windows\system32\RivaTuner32.dll"
"c:\windows\system32\rksample.dll"
"c:\windows\system32\roxliveshare9.dll"
"c:\windows\system32\rpclocator.dll"
"c:\windows\system32\RR2Ctrl.dll"
"c:\windows\system32\rspndr.dll"
"c:\windows\system32\rt61.dll"
"c:\windows\system32\RTLE8023xp.dll"
"c:\windows\system32\s125mdm.dll"
"c:\windows\system32\se59mgmt.dll"
"c:\windows\system32\sentinelprotectionserver.dll"
"c:\windows\system32\service.dll"
"c:\windows\system32\SetupNT.dll"
"c:\windows\system32\sffdisk.dll"
"c:\windows\system32\SiSRaid.dll"
"c:\windows\system32\slabser.dll"
"c:\windows\system32\smapint.dll"
"c:\windows\system32\SMNDIS5.dll"
"c:\windows\system32\snapman380.dll"
"c:\windows\system32\snareiis.dll"
"c:\windows\system32\SNP2STD.dll"
"c:\windows\system32\spbbcsvc.dll"
"c:\windows\system32\Spsmqvsm.dll"
"c:\windows\system32\sr_service.dll"
"c:\windows\system32\statusagent4.dll"
"c:\windows\system32\sthda.dll"
"c:\windows\system32\stirusb.dll"
"c:\windows\system32\Sunkfiltp.dll"
"c:\windows\system32\sysaidagent.dll"
"c:\windows\system32\TeamViewer.dll"
"c:\windows\system32\tga.dll"
"c:\windows\system32\TPECioCtl.dll"
"c:\windows\system32\TPPWRIF.dll"
"c:\windows\system32\traprcvr.dll"
"c:\windows\system32\tsircsrv.dll"
"c:\windows\system32\twotrack.dll"
"c:\windows\system32\U81xmgmt.dll"
"c:\windows\system32\uagp35.dll"
"c:\windows\system32\ultra.dll"
"c:\windows\system32\UNDPX2A.dll"
"c:\windows\system32\us30service.dll"
"c:\windows\system32\USB_NDIS_51.dll"
"c:\windows\system32\UWProSys.dll"
"c:\windows\system32\VC6SecS.dll"
"c:\windows\system32\viaudio.dll"
"c:\windows\system32\vsbus.dll"
"c:\windows\system32\W55U01.dll"
"c:\windows\system32\Wbutton.dll"
"c:\windows\system32\websenselogserver.dll"
"c:\windows\system32\wencrservice.dll"
"c:\windows\system32\wfxsvc.dll"
"c:\windows\system32\WinFl32.dll"
"c:\windows\system32\WinVd32.dll"
"c:\windows\system32\wlancig.dll"
"c:\windows\system32\wusb54gv2svc.dll"
"c:\windows\system32\WUSB54Gv4SVC.dll"
"c:\windows\system32\x10nets.dll"
"c:\windows\system32\Xyz777s.dll"
"c:\windows\system32\yats32.dll"
"c:\windows\system32\z800mdm.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-28 01:47 . 2012-04-28 01:47 -------- d-----w- C:\iso
2012-04-28 01:37 . 2012-04-28 01:37 -------- d-----w- c:\documents and settings\Cameron\Application Data\Malwarebytes
2012-04-28 01:37 . 2012-04-28 01:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2012-04-28 01:37 . 2012-04-28 01:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-28 01:37 . 2012-04-04 07:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-27 22:05 . 2012-04-27 22:34 -------- d-----w- C:\jgh
2012-04-26 13:57 . 2012-04-26 13:57 -------- d-----w- C:\_OTL
2012-04-26 13:57 . 2011-07-10 17:14 295248 -c--a-w- c:\windows\system32\dllcache\avgtdix.sys
2012-04-25 13:18 . 2012-04-25 22:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 05:19 . 2012-04-24 05:20 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\NPE
2012-04-24 05:19 . 2012-04-24 05:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\COMODO
2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\Cameron\Application Data\Comodo
2012-04-23 17:39 . 2012-04-23 17:39 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
2012-04-22 15:48 . 2012-04-22 15:48 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\Identities
2012-04-20 00:23 . 2012-04-20 00:38 -------- d-----w- C:\sh4ldr
2012-04-20 00:23 . 2012-04-20 00:23 -------- d-----w- c:\program files\Enigma Software Group
2012-04-20 00:21 . 2012-04-20 00:38 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-20 00:21 . 2012-04-20 00:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-04-19 23:48 . 2012-04-24 07:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\F4D55F2C000BBBB74E027CC6D151FC4E
2012-04-17 00:41 . 2012-04-17 00:41 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonIJFAX
2012-04-17 00:40 . 2010-09-13 06:44 106496 ----a-w- c:\windows\system32\CNC410U.dll
2012-04-17 00:40 . 2010-09-13 06:42 1347584 ----a-w- c:\windows\system32\CNC410C.dll
2012-04-17 00:40 . 2010-09-13 06:42 114688 ----a-w- c:\windows\system32\CNC410I.dll
2012-04-17 00:40 . 2010-09-06 09:03 315392 ----a-w- c:\windows\system32\CNC410L.dll
2012-04-17 00:36 . 2012-04-19 02:05 -------- d-----w- c:\documents and settings\Cameron\Application Data\Canon Easy-WebPrint EX
2012-04-17 00:32 . 2010-10-20 21:00 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
2012-04-17 00:32 . 2012-04-17 00:32 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonBJ
2012-04-17 00:31 . 2010-09-19 21:00 74752 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAL.DLL
2012-04-17 00:31 . 2010-09-19 21:00 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
2012-04-17 00:31 . 2010-09-19 21:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAL.DLL
2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-04-17 00:31 . 2010-06-03 06:11 94208 ----a-w- c:\windows\system32\CNC410O.dll
2012-04-17 00:31 . 2010-09-07 01:58 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\program files\CanonBJ
2012-04-07 08:55 . 2012-04-07 08:55 -------- d-----w- C:\found.000
2012-04-07 07:42 . 2012-04-07 07:45 -------- d-----w- C:\big w prints
2012-04-07 07:07 . 2012-04-28 01:46 -------- d-----w- C:\Vuze
2012-04-07 06:48 . 2012-04-07 06:57 -------- d-----w- C:\To Transfer
2012-04-06 00:19 . 2012-04-14 15:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 03:09 . 2012-04-01 03:09 -------- d-----r- C:\g on Home PC (B03f21ae66bf49c)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 14:10 . 2011-04-04 16:59 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-04-25 13:22 . 2008-04-14 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-04-25 13:22 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-14 15:02 . 2011-06-17 23:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-15 03:01 . 2011-12-15 14:13 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:01 . 2011-12-15 14:13 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 03:02 . 2012-02-07 03:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ------w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-27_10.46.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-29 00:51 . 2012-04-29 00:51 16384 c:\windows\Temp\Perflib_Perfdata_70c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-06 222504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Cameron\Start Menu\Programs\Startup\
My Program.lnk - c:\program files\FingerPrint\FingerPrint.exe [2012-2-15 924728]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-9-15 1503232]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\FingerPrint\\FingerPrintService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\Plex Media Server.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\PlexScriptHost.exe"=
"c:\\Program Files\\Plex\\Plex Media Center\\Plex.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 8:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [23/06/2009 5:40 PM 127352]
R2 FingerPrint;FingerPrint Service;c:\program files\FingerPrint\FingerPrintService.exe -start --> c:\program files\FingerPrint\FingerPrintService.exe -start [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/04/2012 8:19 AM 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/05/2011 7:04 AM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [15/12/2011 10:13 PM 18432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/05/2008 4:06 PM 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:02]
.
2012-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-29 09:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\05\03\0b\0a;9»"
.
Completion time: 2012-04-29 09:08:52
ComboFix-quarantined-files.txt 2012-04-29 01:08
ComboFix2.txt 2012-04-28 01:19
ComboFix3.txt 2012-04-27 22:34
ComboFix4.txt 2012-04-27 10:48
.
Pre-Run: 35,518,259,200 bytes free
Post-Run: 35,518,197,760 bytes free
.
- - End Of File - - DD853BF5336988CE58D449306C09E703
 
Hi jacknjaspa,

How's the computer? The logs look ok now.

Your Java is out of date. Click your Start button, open Control Panel.
  • Locate the Java icon (it looks like a coffee cup)
  • Double-click it to open it
  • Click the Update tab
  • Click Update Now

After Java is updated, reboot your computer if you are not prompted to.


Next

Next, double-click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do not copy the word CODE
  • Please note that the fix starts with the :
Code:
:Services

:Commands
[emptytemp]
[createrestorepoint]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.


Next

One more scan to check our handiwork.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Go here to run an online scanner from ESET

(Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the Back button.
  • Push Finish
  • Re-enable your antivirus software.


Please post back with the
  • OTL fix log
  • ESET log if there was one
Any issues?
 