Internet Explorer keeps opening by itself

Everything seems to be running normally now. I don't detect iexplore.exe running in the task manager any more either. I will keep testing and post results soon.
 
Hello Benjie :),

Yes, please use the computer a while.

--------------------

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use. Do not mouse click on ComboFix while it is running. That may cause it to stall.

Run ComboFix script
  • Please temporarily disable the real-time protection of any antivirus, antispyware or antimalware programs when running ComboFix. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Open Notepad. Copy and paste the following text into it:
    Code:
    DirLook::
    c:\program files\mozilla firefox\nsw10.tmp
    
    FileLook::
    c:\program files\mozilla firefox\nsw10.tmp\nssckbi.dll
    
    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "PbXLTBUktOat"=-
  • Save it as CFScript.txt on the desktop. Make sure the Save as type: is All Files (*.*).

    CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update, please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, a log will be produced as C:\ComboFix.txt. Copy and paste the contents of the log in your next reply.
  • If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
  • Re-enable your security software as soon as you have completed the ComboFix steps.

--------------------

Please post back:
1. the ComboFix log
2. any more problems?
 
So far, so good. Still no problems detected.




ComboFix 11-07-28.06 - Terry 07/28/2011 20:29:07.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.865 [GMT -4:00]
Running from: c:\documents and settings\Terry\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Terry\Desktop\CFScript.txt
AV: AVG Internet Security Business Edition *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-29 )))))))))))))))))))))))))))))))
.
.
2011-07-27 12:27 . 2011-07-27 12:27 -------- d-----w- c:\program files\ESET
2011-07-26 16:50 . 2011-07-26 16:50 -------- d-----w- c:\documents and settings\Terry\Application Data\Malwarebytes
2011-07-26 16:50 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 16:50 . 2011-07-26 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-26 16:49 . 2011-07-26 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-20 17:05 . 2011-07-20 17:05 -------- d-----w- c:\documents and settings\Benjie.TM\Local Settings\Application Data\Mozilla
2011-07-20 16:56 . 2011-07-20 16:56 -------- d-sh--w- c:\documents and settings\Benjie.TM\PrivacIE
2011-07-20 16:39 . 2011-07-20 16:39 -------- d-----w- c:\documents and settings\Benjie.TM\Local Settings\Application Data\Identities
2011-07-20 16:39 . 2011-07-20 16:39 -------- d-----w- c:\documents and settings\Benjie.TM\Application Data\Windows Desktop Search
2011-07-19 23:20 . 2011-07-19 23:20 -------- d-----w- c:\program files\ERUNT
2011-07-19 19:11 . 2011-06-16 04:17 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-07-19 19:11 . 2011-06-16 04:17 343000 ----a-w- c:\program files\Mozilla Firefox\nsw10.tmp\nssckbi.dll
2011-07-19 18:09 . 2011-07-19 18:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2011-07-19 17:54 . 2011-07-19 17:56 -------- d-----w- c:\windows\SxsCaPendDel
2011-07-19 17:21 . 2011-07-19 18:39 -------- d-----w- C:\$AVG
2011-07-19 17:17 . 2011-07-19 17:17 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2011-07-19 17:17 . 2011-07-19 17:17 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2011-07-19 11:07 . 2011-07-19 11:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-07-18 21:30 . 2011-07-18 21:30 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-07-18 20:08 . 2011-07-18 20:08 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-18 18:06 . 2011-07-18 18:06 -------- d-----w- c:\documents and settings\Terry\Application Data\AVG9
2011-07-18 18:03 . 2011-07-19 18:09 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2011-07-18 18:03 . 2011-07-19 18:09 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-18 18:03 . 2011-07-19 18:08 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-18 18:03 . 2011-07-19 18:08 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-18 18:03 . 2011-07-19 18:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-07-18 18:02 . 2011-07-28 11:48 -------- d-----w- c:\windows\system32\drivers\Avg
2011-07-18 18:02 . 2011-07-18 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2011-07-18 18:02 . 2011-07-19 18:07 -------- d-----w- c:\program files\AVG
2011-07-18 18:02 . 2011-07-18 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2011-07-13 00:24 . 2011-07-13 00:24 -------- d-----w- c:\program files\Apple Software Update
2011-07-12 21:24 . 2011-07-12 21:24 -------- d-----w- c:\documents and settings\Terry\Application Data\Apple Computer
2011-07-12 21:24 . 2011-07-12 21:24 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Apple Computer
2011-07-12 21:24 . 2011-07-12 21:24 -------- d-----w- c:\program files\Safari
2011-07-12 21:24 . 2011-07-12 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-07-12 21:23 . 2011-07-12 21:23 -------- d-----w- c:\program files\Common Files\Apple
2011-07-12 21:23 . 2011-07-12 21:23 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Apple
2011-07-12 21:23 . 2011-07-12 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-07-12 20:17 . 2011-07-12 20:17 -------- d--h--w- c:\windows\PIF
2011-06-29 03:16 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-26 23:44 . 2004-08-04 12:00 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-07-13 00:50 . 2011-05-06 19:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2008-01-24 20:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 04:17 . 2011-07-19 19:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\program files\mozilla firefox\nsw10.tmp\nssckbi.dll ---
Company: Mozilla Foundation
File Description: NSS Builtin Trusted Root CAs
File Version: 1.81
Product Name: Network Security Services
Copyright:
Original Filename: nssckbi.dll
File size: 343000
Created time: 2011-07-19 19:11
Modified time: 2011-06-16 04:17
MD5: 6689B655EA803BE040D95B8EA913249F
SHA1: AD87EDDF4BA204D463ACF6D2DA1B78B44ED652A0
.
---- Directory of c:\program files\mozilla firefox\nsw10.tmp ----
.
2011-07-19 19:11 . 2011-06-16 04:17 343000 ----a-w- c:\program files\mozilla firefox\nsw10.tmp\nssckbi.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-27_01.05.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-27 16:09 . 2011-07-27 16:09 221184 c:\windows\ERDNT\AutoBackup\7-27-2011\Users\00000002\UsrClass.dat
+ 2011-07-27 16:09 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-27-2011\ERDNT.EXE
+ 2011-07-27 16:09 . 2011-07-27 16:09 6422528 c:\windows\ERDNT\AutoBackup\7-27-2011\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-05-30 15:33 2495816 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2005-10-19 20531]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-07-19 2071904]
.
c:\documents and settings\Terry\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2011-07-19 18:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\Terry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" startup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"WatchingService"="c:\program files\d-link\d-link d-viewcam\bin\wdsvc.exe" sys_auto_run c:\program files\D-Link\D-Link D-ViewCam\Bin
"hpbdfawep"=c:\program files\HP\Dfawep\bin\hpbdfawep.exe 1
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [7/18/2011 2:03 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7/18/2011 2:03 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/18/2011 2:03 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/18/2011 2:03 PM 243152]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/19/2011 2:08 PM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/19/2011 2:09 PM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7/19/2011 2:09 PM 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7/19/2011 2:09 PM 5897808]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/19/2011 1:17 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [7/18/2011 2:02 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [7/18/2011 2:02 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [7/18/2011 2:02 PM 26192]
S1 MpKsl74d7fc77;MpKsl74d7fc77;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97E5AD83-E8FE-4081-8D09-7603E147E1D0}\MpKsl74d7fc77.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97E5AD83-E8FE-4081-8D09-7603E147E1D0}\MpKsl74d7fc77.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [7/18/2011 4:08 PM 1025352]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/19/2011 1:17 PM 30104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/26/2011 12:50 PM 41272]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2/20/2002 3:34 AM 72576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uLocal Page = about:blank
uStart Page = about:blank
mLocal Page = about:blank
mStart Page = about:blank
mWindow Title = McCall's Inc Explorer
TCP: DhcpNameServer = 208.216.228.227 207.230.75.50
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Terry\Application Data\Mozilla\Firefox\Profiles\y2cvbfxi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-28 20:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(156)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-07-28 20:40:58
ComboFix-quarantined-files.txt 2011-07-29 00:40
ComboFix2.txt 2011-07-27 01:11
.
Pre-Run: 24,329,723,904 bytes free
Post-Run: 24,325,582,848 bytes free
.
- - End Of File - - D30806CFC2F3495AF3F504F66158AF42
 
Hello Benjie :),

Please post C:\Qoobox\ComboFix-quarantined-files.txt.
 
2011-07-29 00:28:53 . 2011-07-29 00:28:53 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2011-07-27 01:09:54 . 2011-07-27 01:09:54 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-02178118.sys.reg.dat
2011-07-27 00:53:47 . 2011-07-27 00:53:47 4,116 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_WSearch.reg.dat
2011-07-27 00:53:47 . 2011-07-27 00:53:47 1,040 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_WSearch.reg.dat
2011-07-27 00:51:41 . 2011-07-29 00:34:35 7,866 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-07-27 00:49:23 . 2011-05-06 17:59:30 905 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\4\OpenOffice.lnk
2011-07-27 00:49:23 . 2011-05-06 16:11:46 724 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\4\Mozilla Firefox.lnk
2011-07-27 00:49:23 . 2008-07-15 20:41:05 785 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\4\iSeries Navigator.lnk
2011-07-27 00:49:23 . 2011-05-06 14:54:21 79 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
2011-07-27 00:49:23 . 2011-06-15 15:36:19 1,729 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\4\Adobe Reader 9.lnk
2011-07-27 00:49:23 . 2008-01-24 21:01:08 84 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Startup\desktop.ini
2011-07-27 00:49:23 . 2011-05-06 14:54:22 119 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\2\desktop.ini
2011-07-27 00:49:23 . 2011-05-05 20:10:21 875 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Update Spybot-S&D.lnk
2011-07-27 00:49:23 . 2011-05-05 20:10:21 961 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Uninstall Spybot-S&D.lnk
2011-07-27 00:49:23 . 2011-05-05 20:10:21 945 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk
2011-07-27 00:49:23 . 2011-05-05 20:10:21 951 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Tutorial.lnk
2011-07-27 00:49:23 . 2011-05-05 20:10:21 834 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\File Shredder.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 713 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Viewer 4\Run VNC Viewer.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 729 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Viewer 4\Run Listening VNC Viewer.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 723 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Server 4 (User-Mode)\Run VNC Server.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 725 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Server 4 (User-Mode)\Configure User-Mode Settings.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 747 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Server 4 (Service-Mode)\Unregister VNC Service.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 735 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Server 4 (Service-Mode)\Stop VNC Service.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 737 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Server 4 (Service-Mode)\Start VNC Service.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 743 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Server 4 (Service-Mode)\Register VNC Service.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 753 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Server 4 (Service-Mode)\Configure VNC Service.lnk
2011-07-27 00:49:23 . 2011-05-06 17:59:30 917 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org.lnk
2011-07-27 00:49:23 . 2011-05-06 17:59:30 865 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org Writer.lnk
2011-07-27 00:49:23 . 2011-05-06 17:59:29 851 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org Impress.lnk
2011-07-27 00:49:23 . 2011-05-06 17:59:29 791 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org Draw.lnk
2011-07-27 00:49:23 . 2011-05-06 17:59:29 841 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org Calc.lnk
2011-07-27 00:49:23 . 2011-05-06 18:00:12 114 ---ha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\Desktop.ini
2011-07-27 00:49:23 . 2008-02-14 15:13:08 1,680 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Thunderbird\Mozilla Thunderbird.lnk
2011-07-27 00:49:23 . 2008-02-14 15:13:08 1,702 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Thunderbird\Mozilla Thunderbird (Safe Mode).lnk
2011-07-27 00:49:23 . 2008-02-14 15:11:52 1,614 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox\Mozilla Firefox.lnk
2011-07-27 00:49:23 . 2008-02-14 15:11:52 1,636 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk
2011-07-27 00:49:23 . 2008-07-15 20:39:55 1,667 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Service\Trace Files.lnk
2011-07-27 00:49:23 . 2008-07-15 20:39:55 1,689 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Service\Start Diagnostic Tools.lnk
2011-07-27 00:49:23 . 2008-07-15 20:39:55 827 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Service\Install Service Pack.lnk
2011-07-27 00:49:23 . 2008-07-15 20:39:55 1,715 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Service\History Log.lnk
2011-07-27 00:49:23 . 2008-07-15 20:39:55 903 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Service\Error and Trace Message Help.lnk
2011-07-27 00:49:23 . 2008-07-15 20:39:55 823 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Service\Check Service Level.lnk
2011-07-27 00:49:23 . 2008-07-15 20:43:35 893 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Emulator\Start or Configure Session.lnk
2011-07-27 00:49:23 . 2008-07-15 20:43:35 900 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Emulator\Trace Facility.lnk
2011-07-27 00:49:23 . 2008-07-15 20:43:35 912 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Emulator\Menu-Bar Customization Utility.lnk
2011-07-27 00:49:23 . 2008-07-15 20:43:35 900 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Emulator\Multiple Sessions.lnk
2011-07-27 00:49:23 . 2008-07-15 20:43:35 912 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Emulator\Convert Macro.lnk
2011-07-27 00:49:23 . 2008-07-15 20:39:55 1,714 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Welcome Wizard.lnk
2011-07-27 00:49:23 . 2008-07-15 20:40:41 865 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\User's Guide.lnk
2011-07-27 00:49:22 . 2008-07-15 20:40:25 1,701 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Start Directory Update.lnk
2011-07-27 00:49:22 . 2008-07-15 20:45:17 797 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Service Pack Read Me.lnk
2011-07-27 00:49:22 . 2008-07-15 20:39:35 1,656 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Selective Setup.lnk
2011-07-27 00:49:22 . 2008-07-15 20:39:35 869 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Read Me.lnk
2011-07-27 00:49:22 . 2008-07-15 20:44:08 650 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\ODBC Administration.lnk
2011-07-27 00:49:22 . 2008-07-15 20:39:55 1,550 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\iSeries Access for Windows Properties.lnk
2011-07-27 00:49:22 . 2008-07-15 20:39:55 1,499 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\iSeries Navigator.lnk
2011-07-27 00:49:22 . 2008-07-15 20:39:35 869 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Internet Information.lnk
2011-07-27 00:49:22 . 2008-07-15 20:40:25 785 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Directory Update.lnk
2011-07-27 00:49:22 . 2008-07-15 20:43:51 1,664 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Data Transfer To iSeries Server.lnk
2011-07-27 00:49:22 . 2008-07-15 20:43:51 1,664 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Data Transfer From iSeries Server.lnk
2011-07-27 00:49:22 . 2008-07-15 20:42:11 932 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\AFP Workbench Viewer.lnk
2011-07-27 00:49:22 . 2008-01-24 21:07:22 1,271 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Dell Accessories\Dell Resource CD.lnk
2011-07-27 00:49:22 . 2008-01-24 22:18:07 1,780 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative Restore Defaults.lnk
2011-07-27 00:49:22 . 2008-01-24 22:18:04 1,838 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative Mixer.lnk
2011-07-27 00:49:22 . 2008-01-24 22:18:00 1,827 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative Diagnostics.lnk
2011-07-27 00:49:22 . 2008-01-24 22:18:00 1,818 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative Diagnostics Agent.lnk
2011-07-27 00:49:22 . 2008-01-24 21:01:08 1,602 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
2011-07-27 00:49:22 . 2008-01-24 21:01:08 1,591 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
2011-07-27 00:49:22 . 2008-07-15 20:23:41 1,158 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
2011-07-27 00:49:22 . 2008-07-15 20:23:41 1,107 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
2011-07-27 00:49:22 . 2008-01-24 21:01:08 1,592 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
2011-07-27 00:49:22 . 2008-01-24 21:01:08 1,596 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
2011-07-27 00:49:22 . 2008-01-24 21:01:08 476 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
2011-07-27 00:49:22 . 2008-01-24 21:01:08 1,602 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
2011-07-27 00:49:22 . 2008-01-24 20:58:04 1,582 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
2011-07-27 00:49:22 . 2008-01-24 20:59:32 1,616 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
2011-07-27 00:49:22 . 2008-01-24 20:59:32 1,753 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
2011-07-27 00:49:22 . 2008-01-24 20:59:30 1,070 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
2011-07-27 00:49:22 . 2008-01-24 21:01:08 1,591 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
2011-07-27 00:49:22 . 2008-07-15 23:09:56 1,572 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
2011-07-27 00:49:22 . 2008-01-24 20:59:32 1,532 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
2011-07-27 00:49:22 . 2008-01-24 21:01:08 703 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
2011-07-27 00:49:22 . 2008-01-24 20:57:35 1,521 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
2011-07-27 00:49:22 . 2008-01-24 20:57:35 1,528 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
2011-07-27 00:49:22 . 2008-01-24 20:57:35 1,528 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
2011-07-27 00:49:22 . 2011-05-06 13:29:28 1,656 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
2011-07-27 00:49:22 . 2008-01-24 20:57:35 146 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
2011-07-27 00:49:22 . 2008-01-24 20:56:24 1,646 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
2011-07-27 00:49:22 . 2008-01-24 20:59:27 1,640 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
2011-07-27 00:49:22 . 2008-03-05 18:18:33 1,757 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
2011-07-27 00:49:22 . 2008-01-24 20:57:35 786 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
2011-07-27 00:49:22 . 2011-05-06 13:29:28 516 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
2011-07-27 00:49:22 . 2008-01-24 20:57:35 1,520 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
2011-07-27 00:49:22 . 2008-01-24 20:57:35 90 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
2011-07-27 00:49:22 . 2008-01-24 20:57:35 879 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
2011-07-27 00:49:22 . 2008-01-24 20:57:35 1,515 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
2011-07-27 00:49:22 . 2011-05-06 13:27:17 1,585 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
2011-07-27 00:49:22 . 2008-01-24 20:57:35 1,498 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
2011-07-27 00:49:22 . 2008-01-24 20:57:35 188 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\desktop.ini
2011-07-27 00:49:22 . 2008-01-24 20:57:35 609 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
2011-07-27 00:49:22 . 2011-06-15 15:36:19 1,804 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
2011-07-27 00:49:22 . 2008-01-24 20:59:35 150 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\desktop.ini
2011-07-27 00:49:22 . 2011-05-06 16:11:46 730 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
2011-07-27 00:49:22 . 2011-05-06 16:04:42 1,507 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
2011-07-27 00:49:22 . 2008-01-24 21:01:08 398 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
2011-07-27 00:49:22 . 2011-05-06 13:27:34 1,563 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
2011-07-27 00:49:22 . 2011-05-06 13:27:34 272 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\desktop.ini
2011-07-13 01:05:22 . 2011-07-29 00:26:23 255 ----a-w- C:\Qoobox\Quarantine\catchme.log
2008-05-27 02:18:44 . 2008-05-27 02:18:44 439,808 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\searchindexer.exe.vir
 
Hello Benjie :),

We need to restore some items from ComboFix. When you are done, I will give you some recommendations on security.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use. Do not mouse click on ComboFix while it is running. That may cause it to stall.

Run ComboFix script
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Open Notepad. Copy and paste the following text into it:
    Code:
    DeQuarantine::
    C:\Qoobox\Quarantine\C\WINDOWS\system32\searchindexer.exe.vir 
    
    Quit::
  • Save it as CFScript.txt at the desktop. Make sure the Save as type: is All Files (*.*).

    CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update, please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, a log will be produced as C:\DeQuarantine.txt. Copy and paste the contents of the log in your next reply.
  • If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
  • Re-enable your security software as soon as you have completed the ComboFix steps.

--------------------

For these two files, please rename them and remove the .dat extension:
C:\Qoobox\Quarantine\Registry_backups\Service_WSearch.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Legacy_WSearch.reg.dat

After the rename, you should get:
C:\Qoobox\Quarantine\Registry_backups\Service_WSearch.reg
C:\Qoobox\Quarantine\Registry_backups\Legacy_WSearch.reg

Then, double click on each one of them. You will be prompted about merging information to the registry, please proceed.

--------------------

Please post back:
1. DeQuarantine.txt
 
C:\Qoobox\Quarantine\C\WINDOWS\system32\searchindexer.exe.vir -> C:\WINDOWS\system32\searchindexer.exe ( 439808 bytes )
 
Service_WSearch.reg updated ok.

However, received:
"Cannot import C:\Qoobox\Quarantine\Registry_backups\Legacy_WSearch.reg: Error accessing the registry."
 
Hello Benjie :),

I think we can leave the Legacy key alone. Those files that we restored should be good enough to work. In case you have any more problems, please let me know.

Congratulations, you are All Clear to go.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
  • Go to Start > Run.... Copy and paste the following text into the white box:
    ComboFix /uninstall
    Click OK.
  • Delete the TDSKiller, aswMBR and MiniRegTool files on your desktop.
  • Delete any logs on the desktop.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates for Windows XP to always receive the latest security patches from Microsoft, or you can download them from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.

2. Update your Antivirus program regularly; it is a must for constant protection against viruses. If you do not have one, Microsoft Security Essentials and Avast are some great and free antivirus programs that you can try. For paid versions, Avast, ESET NOD32 and Kaspersky are some good options. Please keep only one AV installed.

3. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool, totally free but for real-time protection you will have to pay a small one-time fee.

4. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications. If you choose this, please do not install Spybot.

5. Use a hosts file to block access to bad sites from your computer. Get yourself the MVPS Hosts file for this purpose.

6. Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.

7. Protect your computer from removable or USB drive infections with Panda USB Vaccine, an effective method to prevent malware from spreading.

8. Keep all your software updated. Visit Secunia Software Inspector to find out if any updates are required.

9. Also look up:
Computer Security - a short guide to staying safer online
PC Safety and Security - What Do I Need? By Glaswegian
How to prevent malware: By miekiemoes
So how did I get infected in the first place? By Tony Klein
Microsoft Online Safety

Stay safe.
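The restore step earlier in this thread can be cross-checked by comparing the DeQuarantine.txt line against the quarantine listing in the ComboFix log: same source file, same byte count, and a destination that matches the path encoded in the quarantine folder. The following is an added example, not part of the thread and not ComboFix's own code; the function names and the assumed layout (`C:\Qoobox\Quarantine\<drive letter>\<original path>.vir`) are inferred from the log lines shown here.

```python
import re
from pathlib import PureWindowsPath

QUARANTINE_ROOT = r"C:\Qoobox\Quarantine"  # assumed root, as seen in the log

# Sample input embedded inline: two listing lines and the restore line from this thread.
LISTING = r"""
2011-07-13 01:05:22 . 2011-07-29 00:26:23 255 ----a-w- C:\Qoobox\Quarantine\catchme.log
2008-05-27 02:18:44 . 2008-05-27 02:18:44 439,808 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\searchindexer.exe.vir
"""
RESTORE_LOG = r"C:\Qoobox\Quarantine\C\WINDOWS\system32\searchindexer.exe.vir -> C:\WINDOWS\system32\searchindexer.exe ( 439808 bytes )"

# Listing line: two timestamps separated by " . ", size, 8-char attribute field, path.
LISTING_RE = re.compile(r"^\S+ \S+ \. \S+ \S+ ([\d,]+) \S{8} (.+?)\s*$")
RESTORE_RE = re.compile(r"^(.+?) -> (.+?) \( (\d+) bytes \)\s*$")

def parse_listing(text):
    """Map each listed path (lower-cased) to its size in bytes."""
    sizes = {}
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            sizes[m.group(2).lower()] = int(m.group(1).replace(",", ""))
    return sizes

def expected_target(quarantine_path):
    """Derive the original location of a quarantined .vir file; ValueError otherwise."""
    rel = PureWindowsPath(quarantine_path).relative_to(QUARANTINE_ROOT)
    drive, *rest = rel.parts
    if len(drive) != 1 or not rest or not rest[-1].lower().endswith(".vir"):
        raise ValueError("not a quarantined file under a drive-letter folder")
    rest[-1] = rest[-1][:-4]  # drop the .vir suffix
    return str(PureWindowsPath(drive + ":\\", *rest))

def verify_restore(line, sizes):
    """Return a list of mismatches between one DeQuarantine.txt line and the listing."""
    m = RESTORE_RE.match(line.strip())
    if not m:
        return ["unrecognised line"]
    src, dst, nbytes = m.group(1), m.group(2), int(m.group(3))
    problems = []
    if src.lower() not in sizes:
        problems.append("source not in quarantine listing")
    elif sizes[src.lower()] != nbytes:
        problems.append("size differs from listing")
    try:
        if expected_target(src).lower() != dst.lower():
            problems.append("restored to unexpected path")
    except ValueError:
        problems.append("source is not a quarantined .vir file")
    return problems

if __name__ == "__main__":
    print(verify_restore(RESTORE_LOG, parse_listing(LISTING)) or "restore matches listing")
```

An empty result means the restored file is the one that was listed, at the size that was listed, back in its original location; it says nothing about whether the file itself is clean.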
