Antivirus Pro 2010 Removal help Please!


  • This topic is locked
38 replies to this topic

#1 Lillithanne


Posted 13 October 2009 - 11:02 PM

Hello, and thanks for taking the time to read this!

I was doing some work on the web this afternoon and before I knew what hit me Antivirus Pro 2010 had attached itself to my computer.

I have run Spybot S&D several times and Malwarebytes twice so far and I'm still infected.

I did a HijackThis scan and here is the log.

I would deeply appreciate all the help anyone can offer.

Thanks in advance! :( :(

Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:19 PM, on 10/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: mail.com - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\PROGRA~1\mail.com\Toolbar\Toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: mail.com - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\PROGRA~1\mail.com\Toolbar\Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199822827078
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {73779860-6F88-4D8C-9DAB-30583B9BAAC3} (FileProInet2.ImageView) - https://ssl.jpclerkofcourt.us/JeffNetServic...ileProInet2.CAB
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/up...er_4.0.21.0.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Phyllis/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 11110 bytes


Thank you again for your help and please check second post for attachments and additional information!

Edited by Lillithanne, 14 October 2009 - 09:48 AM.




#2 Lillithanne


Posted 14 October 2009 - 12:57 AM

Small update:

Just finished a third scan using Malwarebytes and it came back showing no sign of any infection, which by the looks of my system is simply not accurate...

I have also done a DDS scan and will attach both logs - (the scan and the secondary attachment log) to this in a zip file.

(weak small voice)...help...please..help me...

: )


DDS (Ver_09-10-13.01) - NTFSx86
Run by Phyllis at 1:51:49.56 on Wed 10/14/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1269 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Phyllis\Desktop\dds.scr
C:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: mail.com: {cd292324-974f-4224-ce6f-cc9441768f5d} - c:\progra~1\mail.com\toolbar\Toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: mail.com: {cd292324-974f-4224-ce6f-cc9441768f5d} - c:\progra~1\mail.com\toolbar\Toolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199822827078
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {73779860-6F88-4D8C-9DAB-30583B9BAAC3} - hxxps://ssl.jpclerkofcourt.us/JeffNetService/ImageServer/iView2/FileProInet2.CAB
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: avgrsstx.dll c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\phyllis\applic~1\mozilla\firefox\profiles\r1qcsszw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\phyllis\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\phyllis\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\phyllis\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {11B723D6-3B1E-4746-97D8-8FE15062B264} - c:\documents and settings\phyllis\local settings\application data\{11B723D6-3B1E-4746-97D8-8FE15062B264}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-2 335240]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-2 297752]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-1-20 17149]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-11-26 30192]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\HCWTVS~1.EXE [2008-3-20 815104]

=============== Created Last 30 ================

2009-10-13 22:34 <DIR> --d----- c:\program files\Trend Micro
2009-10-13 19:34 <DIR> --d----- c:\docume~1\phyllis\applic~1\Malwarebytes
2009-10-13 19:34 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-13 19:34 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-13 19:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-13 19:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-13 18:52 15,982 a------- c:\docume~1\phyllis\applic~1\ylikihac.vbs
2009-10-13 18:52 15,533 a------- c:\docume~1\phyllis\applic~1\zykelybyfo.exe
2009-10-13 18:52 13,075 a------- c:\docume~1\alluse~1\applic~1\ezigirakim.exe
2009-10-13 18:52 10,505 a------- c:\program files\common files\xeji.bin
2009-10-13 16:35 <DIR> --d----- c:\program files\WinPcap
2009-10-13 16:26 19,722 a------- c:\windows\ipytil._dl
2009-10-13 16:26 18,988 a------- c:\program files\common files\wevezeguf.dat
2009-10-13 16:26 18,704 a------- c:\docume~1\alluse~1\applic~1\onemibuty.bin
2009-10-13 16:26 18,220 a------- c:\docume~1\alluse~1\applic~1\odegotiw.exe
2009-10-13 16:26 17,799 a------- c:\program files\common files\laqoweha.bat
2009-10-13 16:26 16,071 a------- c:\docume~1\alluse~1\applic~1\ykudagal.sys
2009-10-13 16:26 15,609 a------- c:\windows\kocede.com
2009-10-13 16:26 14,634 a------- c:\program files\common files\awolyta.vbs
2009-10-13 16:26 12,430 a------- c:\windows\ilikonyv.dl
2009-10-13 16:26 12,112 a------- c:\windows\ynuru._sy
2009-10-13 16:26 17,115 a------- c:\docume~1\phyllis\applic~1\acity.pif
2009-10-13 16:26 16,227 a------- c:\docume~1\phyllis\applic~1\ifycytif.pif
2009-10-13 16:26 14,784 a------- c:\windows\buhotyl.dll
2009-10-13 16:26 12,572 a------- c:\windows\exido.lib
2009-10-13 16:17 18,073 a------- c:\windows\ebixa.pif
2009-10-13 16:17 16,140 a------- c:\windows\kicuzobyfu.bin
2009-10-13 16:17 10,007 a------- c:\windows\fifa.dll
2009-10-13 16:17 18,581 a------- c:\program files\common files\oxel.com
2009-10-13 16:17 16,870 a------- c:\windows\fadeno.com
2009-10-13 16:17 16,091 a------- c:\windows\system32\igowyragu.bat
2009-10-13 16:17 14,312 a------- c:\windows\system32\ylopeve.reg
2009-10-13 16:17 14,264 a------- c:\windows\limudugax.reg
2009-10-13 16:17 13,708 a------- c:\docume~1\phyllis\applic~1\otaj.dat
2009-10-13 16:17 12,643 a------- c:\windows\rapyleq.scr
2009-10-13 16:17 12,630 a------- c:\docume~1\phyllis\applic~1\eweziwyl.pif
2009-10-13 16:17 10,019 a------- c:\windows\tuzural.inf
2009-10-13 16:11 0 a------- c:\windows\Wjime.bin
2009-10-13 16:11 120 a------- c:\windows\Awemodipokidupa.dat
2009-10-13 16:11 19,931 a------- c:\windows\system32\lobyvel.bat
2009-10-13 16:11 19,226 a------- c:\windows\zaqymy.reg
2009-10-13 16:11 18,262 a------- c:\windows\owibikax.exe
2009-10-13 16:11 18,035 a------- c:\windows\abybyqod.lib
2009-10-13 16:11 17,907 a------- c:\windows\hodetofyzi.inf
2009-10-13 16:11 17,607 a------- c:\windows\nolijazav.dat
2009-10-13 16:11 16,688 a------- c:\windows\ucutak.pif
2009-10-13 16:11 15,977 a------- c:\docume~1\alluse~1\applic~1\upafuky.scr
2009-10-13 16:11 13,503 a------- c:\windows\system32\qequhij.db
2009-10-13 16:11 12,660 a------- c:\windows\system32\uhatu.dl
2009-10-13 16:11 10,355 a------- c:\windows\system32\yxago.bin
2009-10-13 16:07 94,432 ac------ c:\windows\system32\dllcache\agp440.sys
2009-10-11 21:44 76,784 a---h--- c:\windows\system32\mlfcache.dat
2009-10-09 11:43 <DIR> --d----- c:\program files\iPod
2009-10-09 11:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-09 11:43 <DIR> --d----- c:\program files\iTunes
2009-10-04 19:12 <DIR> --d----- c:\program files\common files\Control Panels
2009-10-04 19:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ALM
2009-10-04 18:51 2,463,976 a------- c:\windows\system32\NPSWF32.dll
2009-10-04 18:51 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe
2009-10-04 18:39 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-09-14 09:08 <DIR> --d----- c:\docume~1\phyllis\applic~1\Stardock
2009-09-14 09:07 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{6F7EF3E6-7F1B-4824-84CD-E8DF6F1B4168}
2009-09-14 09:07 <DIR> --d----- c:\program files\Stardock
2009-09-14 09:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Stardock
2009-09-14 09:06 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{DF6E6A21-48E9-4FBD-B0B2-9E838A1DFED0}
2009-09-14 09:06 <DIR> --d----- c:\program files\Stardock Games

==================== Find3M ====================

2009-10-13 19:00 94,432 a------- c:\windows\system32\drivers\agp440.sys
2009-10-13 18:52 19,921 a------- c:\windows\system32\fiqele.exe
2009-10-13 18:52 19,117 a------- c:\windows\system32\ubybos.com
2009-10-13 18:52 19,102 a------- c:\program files\common files\hecunud.ban
2009-10-13 18:52 18,149 a------- c:\windows\system32\wuqejyqur.bin
2009-10-13 18:52 15,477 a------- c:\windows\ifadare.dll
2009-10-13 18:52 14,587 a------- c:\windows\ocyqev.dll
2009-10-13 18:52 14,299 a------- c:\windows\xocuc.bin
2009-10-13 18:52 12,809 a------- c:\windows\system32\yrebiluvoj.dat
2009-10-13 18:52 10,964 a------- c:\windows\guxo.scr
2009-10-13 18:52 10,621 a------- c:\windows\icyxez.dat
2009-10-13 16:26 17,175 a------- c:\program files\common files\selugyboq.lib
2009-10-13 16:26 13,114 a------- c:\program files\common files\ajewah.dl
2009-10-13 16:26 18,745 a------- c:\program files\common files\zewi.ban
2009-10-13 16:26 17,473 a------- c:\program files\common files\celepoxyri.db
2009-10-13 16:26 11,124 a------- c:\program files\common files\xypuxaveba._dl
2009-10-13 16:17 18,415 a------- c:\program files\common files\taryhyzu.dl
2009-10-13 16:17 11,265 a------- c:\program files\common files\jetuc.lib
2009-08-28 08:13 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 08:13 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-01 10:45 70,984 a------- c:\documents and settings\phyllis\g2mdlhlpx.exe
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-14 19:17 34 a------- c:\documents and settings\phyllis\jagex_runescape_preferences.dat
2009-07-07 03:36 139,152 a------- c:\docume~1\phyllis\applic~1\PnkBstrK.sys
2002-07-26 17:02 153,088 a------- c:\program files\UNWISE.EXE
2008-09-17 14:13 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat

============= FINISH: 1:52:08.82 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/8/2008 1:35:19 PM
System Uptime: 10/13/2009 10:16:34 PM (3 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2N-SLI DELUXE
Processor: AMD Athlon™ 64 X2 Dual Core Processor 6000+ | Socket AM2 | 3013/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 6.505 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&39414771&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&39414771&0&00
Service: NVENETFD

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&20F173B0&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller #2
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&20F173B0&0&00
Service: NVENETFD

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro L7600
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro L7600
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro L7600
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet Pro L7600
PNP Device ID: ROOT\PRINTER\0000
Service:

==== System Restore Points ===================

RP532: 7/16/2009 11:40:16 AM - System Checkpoint
RP533: 7/17/2009 3:45:59 PM - System Checkpoint
RP534: 7/18/2009 12:57:04 PM - Avg8 Update
RP535: 7/19/2009 1:12:01 PM - System Checkpoint
RP536: 7/20/2009 2:15:11 PM - System Checkpoint
RP537: 7/21/2009 2:45:21 PM - System Checkpoint
RP538: 7/22/2009 3:16:23 PM - System Checkpoint
RP539: 7/23/2009 1:19:00 AM - Software Distribution Service 3.0
RP540: 7/24/2009 1:56:06 PM - System Checkpoint
RP541: 7/25/2009 4:51:14 PM - System Checkpoint
RP542: 7/26/2009 5:48:03 PM - System Checkpoint
RP543: 7/27/2009 4:32:22 PM - Software Distribution Service 3.0
RP544: 7/28/2009 4:59:49 PM - System Checkpoint
RP545: 7/28/2009 11:45:08 PM - Software Distribution Service 3.0
RP546: 7/29/2009 11:47:06 PM - System Checkpoint
RP547: 7/30/2009 11:52:44 PM - System Checkpoint
RP548: 7/31/2009 5:14:57 PM - Software Distribution Service 3.0
RP549: 8/1/2009 8:44:40 PM - System Checkpoint
RP550: 8/2/2009 9:27:54 PM - System Checkpoint
RP551: 8/3/2009 10:37:25 PM - System Checkpoint
RP552: 8/4/2009 10:51:05 PM - System Checkpoint
RP553: 8/6/2009 10:17:05 AM - System Checkpoint
RP554: 8/7/2009 12:14:18 PM - System Checkpoint
RP555: 8/8/2009 2:52:36 PM - System Checkpoint
RP556: 8/9/2009 5:48:23 PM - System Checkpoint
RP557: 8/10/2009 12:02:31 AM - Installed Windows Media Player 11
RP558: 8/10/2009 12:03:01 AM - Installed Windows XP Media Center Edition 2005 KB925766.
RP559: 8/10/2009 12:04:24 AM - Installed Windows XP MSCompPackV1.
RP560: 8/11/2009 8:22:35 AM - System Checkpoint
RP561: 8/12/2009 1:43:33 PM - System Checkpoint
RP562: 8/13/2009 1:46:58 AM - Software Distribution Service 3.0
RP563: 8/14/2009 6:33:31 PM - System Checkpoint
RP564: 8/15/2009 2:28:27 AM - Software Distribution Service 3.0
RP565: 8/15/2009 7:24:59 AM - Printer Driver Microsoft XPS Document Writer Installed
RP566: 8/16/2009 3:00:14 AM - Software Distribution Service 3.0
RP567: 8/17/2009 4:14:08 PM - System Checkpoint
RP568: 8/18/2009 5:43:55 PM - System Checkpoint
RP569: 8/19/2009 6:33:46 PM - System Checkpoint
RP570: 8/21/2009 2:26:35 AM - System Checkpoint
RP571: 8/22/2009 7:22:05 AM - System Checkpoint
RP572: 8/23/2009 9:16:09 AM - System Checkpoint
RP573: 8/24/2009 9:41:43 AM - Installed Java™ 6 Update 15
RP574: 8/25/2009 10:10:19 AM - System Checkpoint
RP575: 8/26/2009 10:38:09 AM - System Checkpoint
RP576: 8/27/2009 1:04:24 AM - Software Distribution Service 3.0
RP577: 8/28/2009 7:05:27 AM - System Checkpoint
RP578: 8/28/2009 8:13:08 AM - Avg8 Update
RP579: 8/28/2009 8:13:50 AM - Avg8 Update
RP580: 8/29/2009 11:53:39 AM - System Checkpoint
RP581: 8/30/2009 2:06:11 PM - System Checkpoint
RP582: 8/31/2009 10:33:16 PM - System Checkpoint
RP583: 9/2/2009 12:43:31 AM - System Checkpoint
RP584: 9/2/2009 2:56:56 AM - Software Distribution Service 3.0
RP585: 9/3/2009 4:37:54 PM - System Checkpoint
RP586: 9/4/2009 6:05:47 PM - System Checkpoint
RP587: 9/5/2009 7:42:02 PM - System Checkpoint
RP588: 9/6/2009 7:54:16 PM - System Checkpoint
RP589: 9/7/2009 8:19:50 PM - System Checkpoint
RP590: 9/8/2009 9:55:40 PM - System Checkpoint
RP591: 9/9/2009 9:56:50 PM - System Checkpoint
RP592: 9/10/2009 12:36:33 AM - Software Distribution Service 3.0
RP593: 9/11/2009 7:09:32 AM - System Checkpoint
RP594: 9/12/2009 8:35:21 AM - System Checkpoint
RP595: 9/13/2009 2:51:42 PM - System Checkpoint
RP596: 9/14/2009 9:05:34 AM - Installed DirectX
RP597: 9/15/2009 10:25:24 AM - System Checkpoint
RP598: 9/16/2009 8:10:56 PM - System Checkpoint
RP599: 9/17/2009 8:42:14 PM - System Checkpoint
RP600: 9/18/2009 9:20:44 PM - System Checkpoint
RP601: 9/19/2009 9:25:22 PM - System Checkpoint
RP602: 9/20/2009 10:01:54 PM - System Checkpoint
RP603: 9/21/2009 10:57:29 PM - System Checkpoint
RP604: 9/23/2009 8:09:59 AM - System Checkpoint
RP605: 9/24/2009 1:10:58 PM - System Checkpoint
RP606: 9/25/2009 2:06:36 PM - System Checkpoint
RP607: 9/26/2009 9:44:51 PM - System Checkpoint
RP608: 9/28/2009 12:15:56 AM - System Checkpoint
RP609: 9/29/2009 12:23:51 PM - System Checkpoint
RP610: 9/30/2009 1:06:45 PM - System Checkpoint
RP611: 10/1/2009 2:55:52 PM - System Checkpoint
RP612: 10/2/2009 10:00:57 PM - System Checkpoint
RP613: 10/2/2009 10:48:37 PM - Software Distribution Service 3.0
RP614: 10/3/2009 11:14:32 PM - System Checkpoint
RP615: 10/4/2009 6:56:57 PM - Printer Driver Adobe PDF Converter Installed
RP616: 10/5/2009 9:23:35 AM - Avg8 Update
RP617: 10/5/2009 9:25:04 AM - Avg8 Update
RP618: 10/6/2009 9:49:18 AM - System Checkpoint
RP619: 10/7/2009 9:45:31 AM - Avg8 Update
RP620: 10/8/2009 11:33:44 AM - System Checkpoint
RP621: 10/9/2009 2:48:30 PM - System Checkpoint
RP622: 10/10/2009 4:50:15 PM - System Checkpoint
RP623: 10/11/2009 8:09:41 PM - System Checkpoint
RP624: 10/9/2009 3:48:00 PM - System Checkpoint
RP625: 10/12/2009 10:10:10 PM - System Checkpoint
RP626: 10/13/2009 2:49:37 AM - Software Distribution Service 3.0
RP627: 10/13/2009 4:24:40 PM - Restore Operation

==== Installed Programs ======================

32 Bit HP CIO Components Installer
7500_7600_7700_Help
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Center 2.0
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Premiere Pro 2.0
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG Free 8.5
Battlefield Heroes
BIAS SoundSoap PE 2.1
Blog Content Wizard
Bonjour
BPD_HPSU
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CamStudio
Critical Update for Windows Media Player 11 (KB959772)
Crysis®
Destinations
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DocProc
DriverAgent Plugin for Netscape by TouchStone Software
DScaler 4.1.15
DVD-MovieAlbumSE 4.3
Fax
FinalBurner Free v2.12.0.160
GameSpy Comrade
Google Chrome
Google Desktop
Google Talk (remove only)
Google Talk Plugin
GoToMeeting 4.1.0.366
Hauppauge WinTV
Hauppauge WinTV DVB-T Radio for MCE2005
Hauppauge WinTV Radio
Hauppauge WinTV Scheduler
Hauppauge WinTV TV Services
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 8.0
HP Driver Diagnostics
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP Solution Center 8.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
HPSSupply
Impulse
InstantShareDevicesMFC
InterVideo FilterSDK for Hauppauge
iTunes
Java™ 6 Update 15
Java™ 6 Update 7
LightScribe 1.4.136.1
LimeWire 5.1.2
Macromedia Extension Manager
Macromedia Flash 8 Video Encoder
Mail.com Alert
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.01
Microsoft IntelliType Pro 6.01
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Move Media Player
Mozilla Firefox (3.0.8)
MPM
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Myst for Windows 95
nanoPEG-Editor 2.6.0 for WinTV
Nero 7 Essentials
NetDeviceManager
NVIDIA Drivers
PanoStandAlone
PDF Settings
PhotoScape
Pinnacle Instant DVD Recorder
proDAD Vitascene 1.0
ProductContext
PunkBuster Services
QuickTime
RealPlayer
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sins of a Solar Empire
Skype™ 3.8
Software for DVD Video Camera
SolutionCenter
SPORE™
Spybot - Search & Destroy
Status
Studio 11
Studio Ultimate
System Requirements Lab
TeamSpeak 2 RC2
TI Connect 1.6
Toolbox
TrayApp
TweetDeck
Ulead DVD MovieFactory 3 SE
Unload
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Ventrilo Client
Ventrilo Server
WD Diagnostics
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Search 4.0
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
Yahoo! Desktop Login
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

10/9/2009 1:14:29 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +259199 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.100:123->207.46.232.182:123) is working properly.
10/13/2009 5:39:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/13/2009 5:32:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM AvgLdx86 AvgMfx86 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
10/13/2009 5:32:03 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2009 5:32:03 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2009 5:32:03 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2009 5:32:03 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2009 5:32:03 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2009 5:32:03 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2009 5:31:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================

Edited by farbar, 21 October 2009 - 01:09 AM.
Opened the zipped file and posted the content


#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:21 PM

Posted 21 October 2009 - 01:15 AM

Hi Lillithanne,

Welcome to BC HijackThis forum and apologies for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

  • Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Posted Image


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.


#4 Lillithanne

Posted 22 October 2009 - 12:51 AM

Dearest Farbar,

Overjoyed to hear from you!

I will do as you have requested; perform the scans and post logs, making no changes once we begin. I hope to have all information for you within the next few hours or by tomorrow afternoon (US Central time) at the latest.

I look forward to working together with you in solving this problem. :(

I'm so grateful for your help! :( :) :)

Thank you so very much for answering my plea and I hope this finds you well. I look forward to speaking with you soon!

Very Sincerely,

Lillithanne

#5 Farbar

Posted 22 October 2009 - 02:32 AM

Hello Lillithanne,

We are in no rush, please take your time and post the logs when ready. :(

#6 Lillithanne

Posted 22 October 2009 - 04:39 AM

Dear Farbar,

Hello again!

Here are the logs for both scans as you requested. I have attached them both in file form as the combofix log is rather long. I thought that might be preferable to you.

I'm anxious to solve this problem as I'm sure you can appreciate! I look forward to our communicating and resolving this quickly.

I hope you're having a wonderful day!

It's very late here, almost 4:30 AM. I believe we have approximately a 6 or 7 hour time difference? That would make it just about noon your time? If so I hope you have a very good lunch! : )

Please let me know whatever you may need and I'll do my very best to respond quickly and effectively.

Thanks very much!

Lil


#7 Farbar

Posted 22 October 2009 - 07:03 AM

Hi again,

Please copy and paste the logs instead of attaching them. Thanks.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached enormous dimensions, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • Empty all p2p (LimeWire, uTorrent, Kazaa, etc...) download folders. They might contain infected files. Please uninstall or avoid using these p2p applications and configure them not to start with Windows until the system is clean. Using these applications at this stage might lead to reinfection or infecting other users.

  • Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    http://www.bleepingcomputer.com/forums/t/264267/antivirus-pro-2010-removal-help-please/
    
    Collect::
    c:\windows\system32\ubybos.com
    c:\windows\system32\yrebiluvoj.dat
    c:\windows\icyxez.dat
    c:\program files\Common Files\wevezeguf.dat
    c:\windows\kocede.com
    c:\windows\fadeno.com
    c:\windows\Wjime.bin
    c:\windows\Awemodipokidupa.dat
    c:\windows\nolijazav.dat
    c:\program files\Common Files\selugyboq.lib
    c:\program files\Common Files\celepoxyri.db
    c:\program files\Common Files\jetuc.lib
    c:\documents and settings\Phyllis\Application Data\otaj.dat
    c:\windows\system32\mlfcache.dat
    c:\documents and settings\Phyllis\Start Menu\Programs\Startup\ikowin32.exe
    File::
    c:\windows\pss\ikowin32.exeStartup
    Folder::
    c:\documents and settings\Phyllis\Local Settings\Application Data\{11B723D6-3B1E-4746-97D8-8FE15062B264}
    c:\windows\system32\config\systemprofile\IETldCache
    
    Registry::
    [-HKLM\~\startupfolder\C:^Documents and Settings^Phyllis^Start Menu^Programs^Startup^ikowin32.exe]
    Firefox::
    FF - HiddenExtension: XULRunner: {11B723D6-3B1E-4746-97D8-8FE15062B264} - c:\documents and settings\Phyllis\Local Settings\Application Data\{11B723D6-3B1E-4746-97D8-8FE15062B264}

    Save this as CFScript.txt


    Posted Image


    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Important Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


#8 Lillithanne

Posted 22 October 2009 - 02:54 PM

Good Afternoon!

Well, I did exactly as you requested and this is what the log says: Upload was successful

That's it...nothing else was logged or shown in the log text file anyway...

I presume the upload was sent to you? As I did see the notice saying files had to be submitted for further investigation... or something close to that.

Also, do you need me to repost those other logs into a document, or were those files sufficient and just post any future logs into responses?

I understand about the peer to peer and I'm not crazy about them either. My son has been fooling around with those programs but I'll see to it.

To be honest, the infection happened while I was working on compiling information about a clickbank site that must have been infected. Before I knew what happened and without my doing anything the virus was all over my screen. At least that's how it seemed. I had clicked the link for the site I wanted to check out from clickbank...turned to have a conversation and when I looked back, there was the virus... all over the place! : )

Anyway, I'll anxiously wait to hear back from you regarding all... and please let me know if you want me to resend those other log files.

Have a great day!

#9 Lillithanne

Posted 22 October 2009 - 03:13 PM

P. S.

I also wanted to mention that since the infection I've noticed a change in how my MS word files are saved. There is a different extension and I don't think I can save as a .txt document any more. All documents want to save with a .docx at the end now.

And, Antivirus pro 2010 is still showing up in the start up menu.

You may know this already, but I just wanted to mention it to you and be sure you're aware. Especially about the word documents.

Thanks again!
Talk to you later!

#10 Farbar

Posted 22 October 2009 - 03:50 PM

Thanks for the feedback.

We will attend to the MS word later on and fix any remaining issue.

I would like to see if there is a ComboFix log and see if those files are deleted.

Please go to Start -> Run. Copy and paste the bold lines one by one in the run-box and click OK:

c:\combofix.txt
C:\QooBox\ComboFix-quarantined-files.txt


Each time a text file opens up, copy and paste the content to your reply.
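
The check asked for in the reply above (are the files named in the CFScript listed as deleted in the ComboFix log?) can be automated. The sketch below is an added example, not part of the thread and not ComboFix's own code; it assumes only the script and log layout visible in this thread (`Name::` directives, `file zipped:` lines, the `Other Deletions` banner), its function names are hypothetical, and the sample inputs are abridged from the posts here.

```python
import re

# Abridged from the CFScript posted in this thread (first line is the topic URL).
SAMPLE_CFSCRIPT = r'''
http://www.bleepingcomputer.com/forums/t/264267/antivirus-pro-2010-removal-help-please/

Collect::
c:\windows\system32\ubybos.com
c:\documents and settings\Phyllis\Application Data\otaj.dat
c:\documents and settings\Phyllis\Start Menu\Programs\Startup\ikowin32.exe
File::
c:\windows\pss\ikowin32.exeStartup
Folder::
c:\documents and settings\Phyllis\Local Settings\Application Data\{11B723D6-3B1E-4746-97D8-8FE15062B264}
c:\windows\system32\config\systemprofile\IETldCache

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Phyllis^Start Menu^Programs^Startup^ikowin32.exe]
'''

# Abridged from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
FILE ::
"c:\windows\pss\ikowin32.exeStartup"

file zipped: c:\documents and settings\Phyllis\Application Data\otaj.dat
file zipped: c:\windows\system32\ubybos.com
.

((((((((((((( Other Deletions )))))))))))))
.

c:\documents and settings\Phyllis\Application Data\otaj.dat
c:\documents and settings\Phyllis\Local Settings\Application Data\{11B723D6-3B1E-4746-97D8-8FE15062B264}
c:\documents and settings\Phyllis\Local Settings\Application Data\{11B723D6-3B1E-4746-97D8-8FE15062B264}\chrome.manifest
c:\windows\system32\config\systemprofile\IETldCache
c:\windows\system32\ubybos.com

.
((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))
.

2009-10-19 23:31 . 2009-10-19 23:31 -------- d-----w- c:\program files\uTorrent
'''

DIRECTIVE_RE = re.compile(r"^(\w+)::\s*$")           # e.g. "Collect::"
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")       # e.g. "((( Other Deletions )))"
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)    # line starting with a drive path


def norm(path):
    """Normalise a path for comparison: drop quotes, trailing backslash, case."""
    return path.strip().strip('"').rstrip("\\").lower()


def parse_cfscript(text):
    """Return {directive: [entries]}; lines before the first directive are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log(text):
    """Return (zipped, deleted) path sets. The 'FILE ::' echo of the script
    near the top of the log is deliberately not counted as a deletion."""
    zipped, deleted, banner = set(), set(), None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            banner = m.group(1).lower()
        elif line.lower().startswith("file zipped:"):
            zipped.add(norm(line.split(":", 1)[1]))
        elif banner == "other deletions" and PATH_RE.match(line):
            deleted.add(norm(line))
    return zipped, deleted


def check_targets(script_text, log_text):
    """Map each file/folder target in the script to a status from the log.
    Registry:: and Firefox:: entries are not file paths and are skipped."""
    script = parse_cfscript(script_text)
    zipped, deleted = parse_log(log_text)
    report = {}
    for directive in ("collect", "file", "folder"):
        for entry in script.get(directive, []):
            path = norm(entry)
            if path in deleted:
                report[path] = "deleted"
            elif path in zipped:
                report[path] = "zipped-only"
            else:
                report[path] = "not-in-log"
    return report


def unconfirmed(report):
    """Targets the log does not list under Other Deletions."""
    return sorted(p for p, status in report.items() if status != "deleted")


if __name__ == "__main__":
    for path, status in check_targets(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(f"{status:11} {path}")
```

A target reported as `not-in-log` is only unconfirmed: the log excerpt does not say whether the file was already absent or is still present, so it is the entry to look at by hand.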

#11 Lillithanne

Posted 22 October 2009 - 05:38 PM

Okie Dokie... here's the info! :(


ComboFix 09-10-20.03 - Phyllis 10/22/2009 14:27.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1477 [GMT -5:00]
Running from: c:\documents and settings\Phyllis\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Phyllis\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\pss\ikowin32.exeStartup"

file zipped: c:\documents and settings\Phyllis\Application Data\otaj.dat
file zipped: c:\program files\Common Files\celepoxyri.db
file zipped: c:\program files\Common Files\jetuc.lib
file zipped: c:\program files\Common Files\selugyboq.lib
file zipped: c:\program files\Common Files\wevezeguf.dat
file zipped: c:\windows\Awemodipokidupa.dat
file zipped: c:\windows\fadeno.com
file zipped: c:\windows\icyxez.dat
file zipped: c:\windows\kocede.com
file zipped: c:\windows\nolijazav.dat
file zipped: c:\windows\system32\mlfcache.dat
file zipped: c:\windows\system32\ubybos.com
file zipped: c:\windows\system32\yrebiluvoj.dat
file zipped: c:\windows\Wjime.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Phyllis\Application Data\otaj.dat
c:\documents and settings\Phyllis\Local Settings\Application Data\{11B723D6-3B1E-4746-97D8-8FE15062B264}
c:\documents and settings\Phyllis\Local Settings\Application Data\{11B723D6-3B1E-4746-97D8-8FE15062B264}\chrome.manifest
c:\documents and settings\Phyllis\Local Settings\Application Data\{11B723D6-3B1E-4746-97D8-8FE15062B264}\chrome\content\_cfg.js
c:\documents and settings\Phyllis\Local Settings\Application Data\{11B723D6-3B1E-4746-97D8-8FE15062B264}\install.rdf
c:\program files\Common Files\celepoxyri.db
c:\program files\Common Files\jetuc.lib
c:\program files\Common Files\selugyboq.lib
c:\program files\Common Files\wevezeguf.dat
c:\windows\Awemodipokidupa.dat
c:\windows\fadeno.com
c:\windows\icyxez.dat
c:\windows\kocede.com
c:\windows\nolijazav.dat
c:\windows\system32\config\systemprofile\IETldCache
c:\windows\system32\config\systemprofile\IETldCache\index.dat
c:\windows\system32\mlfcache.dat
c:\windows\system32\ubybos.com
c:\windows\system32\yrebiluvoj.dat
c:\windows\Wjime.bin

.
((((((((((((((((((((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))))))))))))))))))))))))))
.

2009-10-21 21:03 . 2009-10-21 21:05 -------- d-----w- c:\documents and settings\Phyllis\Application Data\avidemux
2009-10-21 21:03 . 2009-10-21 21:03 -------- d-----w- c:\temp\dvd-cache
2009-10-21 21:03 . 2009-10-21 21:03 -------- d-----w- c:\documents and settings\Phyllis\.thumb
2009-10-21 21:01 . 2009-10-21 21:01 -------- d-----w- c:\program files\K-Lite Video Conversion Pack
2009-10-21 20:53 . 2009-10-21 20:53 -------- d-----w- c:\documents and settings\Phyllis\Application Data\Media Player Classic
2009-10-21 20:50 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-21 20:50 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-10-21 20:50 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2009-10-21 20:50 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-21 20:50 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-21 20:50 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-10-21 20:50 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-21 20:50 . 2009-10-13 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-21 20:50 . 2009-10-21 20:50 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-21 20:38 . 2009-10-21 20:46 -------- d-----w- c:\program files\ffdshow
2009-10-21 19:43 . 2009-10-22 09:20 -------- d-----w- c:\windows\SxsCaPendDel
2009-10-19 23:31 . 2009-10-19 23:31 -------- d-----w- c:\program files\uTorrent
2009-10-19 23:30 . 2009-10-22 18:17 -------- d-----w- c:\documents and settings\Phyllis\Application Data\uTorrent
2009-10-16 01:13 . 2009-10-16 01:13 -------- d-----w- c:\program files\TweetDeck
2009-10-15 23:57 . 2009-10-15 23:57 -------- d-----w- c:\program files\Harmonix Music Systems
2009-10-15 23:56 . 2008-03-05 20:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-10-15 23:56 . 2008-02-06 04:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-10-15 23:56 . 2008-03-05 20:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-10-15 23:56 . 2009-10-15 23:56 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-15 23:56 . 2009-10-15 23:56 -------- d-----w- c:\windows\system32\xlive
2009-10-15 23:55 . 2009-10-15 23:55 -------- d-----w- c:\documents and settings\Phyllis\Application Data\Harmonix Music Systems
2009-10-15 23:44 . 2009-10-16 14:33 -------- d-----w- c:\documents and settings\Phyllis\Application Data\REAPER
2009-10-15 23:43 . 2009-10-15 23:44 -------- d-----w- c:\program files\REAPER
2009-10-14 03:34 . 2009-10-14 03:34 -------- d-----w- c:\program files\Trend Micro
2009-10-14 00:34 . 2009-10-14 00:34 -------- d-----w- c:\documents and settings\Phyllis\Application Data\Malwarebytes
2009-10-14 00:34 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-14 00:34 . 2009-10-14 00:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-14 00:34 . 2009-10-14 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-14 00:34 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 16:43 . 2009-10-09 16:43 -------- d-----w- c:\program files\iPod
2009-10-09 16:43 . 2009-10-09 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-09 16:43 . 2009-10-09 16:43 -------- d-----w- c:\program files\iTunes
2009-10-07 05:52 . 2009-10-15 00:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-10-06 23:44 . 2009-10-13 23:48 -------- d-----w- c:\documents and settings\Phyllis\Local Settings\Application Data\Temp
2009-10-05 00:16 . 2009-10-05 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-05 00:12 . 2009-10-05 00:12 -------- d-----w- c:\program files\Common Files\Control Panels
2009-10-05 00:10 . 2009-10-05 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2009-10-04 23:51 . 2007-02-20 21:04 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2009-10-04 23:51 . 2007-02-20 21:04 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2009-10-04 23:39 . 2009-10-04 23:39 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-25 17:20 . 2009-09-25 17:20 368640 ----a-w- c:\windows\system32\ReWire.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 09:20 . 2008-02-18 23:34 -------- d-----w- c:\program files\DivX
2009-10-21 17:34 . 2008-06-03 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-20 06:34 . 2008-01-08 20:57 99672 ----a-w- c:\documents and settings\Phyllis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 02:26 . 2008-01-08 19:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-20 02:14 . 2008-02-05 04:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-18 16:45 . 2008-08-24 17:19 -------- d-----w- c:\documents and settings\Phyllis\Application Data\U3
2009-10-15 08:09 . 2008-01-12 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-13 07:52 . 2008-01-12 02:55 -------- d-----w- c:\program files\Microsoft Works
2009-10-12 06:03 . 2008-09-15 02:30 -------- d-----w- c:\documents and settings\Phyllis\Application Data\LimeWire
2009-10-09 19:07 . 2008-03-11 16:19 -------- d-----w- c:\documents and settings\Phyllis\Application Data\Apple Computer
2009-10-09 16:43 . 2008-10-20 20:38 -------- d-----w- c:\program files\Common Files\Apple
2009-10-09 16:42 . 2008-06-12 23:45 -------- d-----w- c:\program files\QuickTime
2009-10-04 05:13 . 2008-02-01 20:30 -------- d-----w- c:\documents and settings\Phyllis\Application Data\Move Networks
2009-09-14 14:08 . 2009-09-14 14:08 -------- d-----w- c:\documents and settings\Phyllis\Application Data\Stardock
2009-09-14 14:07 . 2009-09-14 14:07 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{6F7EF3E6-7F1B-4824-84CD-E8DF6F1B4168}
2009-09-14 14:07 . 2009-09-14 14:07 -------- d-----w- c:\program files\Stardock
2009-09-14 14:07 . 2009-09-14 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
2009-09-11 14:18 . 2004-08-10 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 17:54 . 2008-01-09 05:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-10 11:26 . 2008-10-03 23:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-10 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-28 13:13 . 2008-06-03 04:48 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 13:13 . 2008-06-03 04:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 13:13 . 2008-01-08 20:58 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-26 08:00 . 2004-08-10 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-24 14:41 . 2008-08-31 21:05 -------- d-----w- c:\program files\Java
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-07 00:24 . 2008-01-08 19:31 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2008-01-08 19:31 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2008-01-08 20:07 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2008-01-08 19:31 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2008-01-08 19:31 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-10 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2008-01-08 19:31 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2008-01-12 03:47 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2008-01-12 03:47 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2008-01-08 19:31 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-10 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-08-10 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-01 15:45 . 2009-08-01 15:45 70984 ----a-w- c:\documents and settings\Phyllis\g2mdlhlpx.exe
2009-07-25 10:23 . 2009-02-09 04:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2002-07-26 22:02 . 2008-09-13 22:52 153088 ----a-w- c:\program files\UNWISE.EXE
2008-11-26 07:04 . 2008-11-26 07:04 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-22_09.22.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-10 12:00 . 2009-10-21 17:37 78958 c:\windows\system32\perfc009.dat
+ 2004-08-10 12:00 . 2009-10-22 18:57 78958 c:\windows\system32\perfc009.dat
+ 2004-08-10 12:00 . 2009-10-22 18:57 465072 c:\windows\system32\perfh009.dat
- 2004-08-10 12:00 . 2009-10-21 17:37 465072 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 16:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD292324-974F-4224-CE6F-CC9441768F5D}]
2007-05-15 21:15 629288 ----a-w- c:\progra~1\mail.com\Toolbar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{CD292324-974F-4224-CE6F-CC9441768F5D}"= "c:\progra~1\mail.com\Toolbar\Toolbar.dll" [2007-05-15 629288]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{cd292324-974f-4224-ce6f-cc9441768f5d}]
[HKEY_CLASSES_ROOT\Toolbar.mail.com]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{CD292324-974F-4224-CE6F-CC9441768F5D}"= "c:\progra~1\mail.com\Toolbar\Toolbar.dll" [2007-05-15 629288]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{cd292324-974f-4224-ce6f-cc9441768f5d}]
[HKEY_CLASSES_ROOT\Toolbar.mail.com]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 13:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Phyllis^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Phyllis\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Phyllis^Start Menu^Programs^Startup^ImpulseNow.lnk]
path=c:\documents and settings\Phyllis\Start Menu\Programs\Startup\ImpulseNow.lnk
backup=c:\windows\pss\ImpulseNow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Phyllis^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Phyllis\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\Phyllis\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Phyllis\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Phyllis\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"7018:TCP"= 7018:TCP:BitComet 7018 TCP
"7018:UDP"= 7018:UDP:BitComet 7018 UDP
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/2/2008 11:48 PM 335240]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/2/2008 11:48 PM 297752]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [1/20/2008 8:11 PM 17149]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/26/2008 2:04 AM 30192]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [3/20/2008 7:25 PM 815104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-688789844-839522115-1003Core.job
- c:\documents and settings\Phyllis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 14:55]

2009-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-688789844-839522115-1003UA.job
- c:\documents and settings\Phyllis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 14:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {73779860-6F88-4D8C-9DAB-30583B9BAAC3} - hxxps://ssl.jpclerkofcourt.us/JeffNetService/ImageServer/iView2/FileProInet2.CAB
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
FF - ProfilePath - c:\documents and settings\Phyllis\Application Data\Mozilla\Firefox\Profiles\r1qcsszw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 14:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-688789844-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:8a,75,9d,07,6a,90,92,cf,ec,4a,09,c9,1d,92,77,64,6e,f2,3b,3d,e4,
c2,22,12,52,29,2e,ba,47,03,95,3a,03,e0,c9,63,ef,18,06,77,00,32,bb,7b,97,21,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
Completion time: 2009-10-22 14:38
ComboFix-quarantined-files.txt 2009-10-22 19:37
ComboFix2.txt 2009-10-22 09:28

Pre-Run: 35,300,360,192 bytes free
Post-Run: 35,380,572,160 bytes free

- - End Of File - - 2ADAAC903BD15D52282768C9F4A66576
Upload was successful

Here is the other log:

2009-10-22 19:27:53 . 2009-10-22 19:27:54 182,422 ----a-w- C:\Qoobox\Quarantine\[4]-Submit_2009-10-22_14.27.29.zip
2009-10-22 09:18:04 . 2009-10-22 09:18:04 2,418 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_npf.reg.dat
2009-10-22 09:18:04 . 2009-10-22 09:18:04 1,372 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2009-10-22 09:17:52 . 2009-10-22 19:33:03 12,446 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-10-22 09:09:25 . 2009-10-22 19:27:29 133 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-10-13 23:52:16 . 2009-10-13 23:52:16 12,809 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\yrebiluvoj.dat.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 19,117 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ubybos.com.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 19,196 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\keqinoraty.ban.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 13,300 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\kydijal.bat.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 12,333 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\vyqocatoqa.dl.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 10,803 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\itum.dl.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 14,854 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\ekiwabubex.inf.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 10,964 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\guxo.scr.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 15,477 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\ifadare.dll.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 13,717 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ynesesus.ban.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 13,075 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\ezigirakim.exe.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 10,621 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\icyxez.dat.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 19,134 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wasixipo.inf.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 17,487 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ocifevisa.dl.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 19,102 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\hecunud.ban.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 10,505 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\xeji.bin.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 14,299 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\xocuc.bin.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 12,117 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Documents\rivatyta.bin.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 19,512 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\jive.ban.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 14,587 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\ocyqev.dll.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 17,137 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ejuce.inf.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 19,921 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\fiqele.exe.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 15,533 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Application Data\zykelybyfo.exe.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 13,639 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\ajumeta.sys.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 18,149 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wuqejyqur.bin.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 15,982 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Application Data\ylikihac.vbs.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 14,089 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\owucadob.sys.vir
2009-10-13 23:52:16 . 2009-10-13 23:52:16 17,947 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\kywal.dl.vir
2009-10-13 21:26:16 . 2009-10-13 21:26:16 18,988 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\wevezeguf.dat.vir
2009-10-13 21:26:16 . 2009-10-13 21:26:16 18,704 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\onemibuty.bin.vir
2009-10-13 21:26:16 . 2009-10-13 21:26:16 12,430 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\ilikonyv.dl.vir
2009-10-13 21:26:16 . 2009-10-13 21:26:16 13,114 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\ajewah.dl.vir
2009-10-13 21:26:16 . 2009-10-13 21:26:16 16,884 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\nafyp._dl.vir
2009-10-13 21:26:16 . 2009-10-13 21:26:16 18,220 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\odegotiw.exe.vir
2009-10-13 21:26:16 . 2009-10-13 21:26:16 16,071 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\ykudagal.sys.vir
2009-10-13 21:26:16 . 2009-10-13 21:26:16 14,634 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\awolyta.vbs.vir
2009-10-13 21:26:16 . 2009-10-13 21:26:16 17,175 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\selugyboq.lib.vir
2009-10-13 21:26:16 . 2009-10-13 21:26:16 19,722 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\ipytil._dl.vir
2009-10-13 21:26:16 . 2009-10-13 21:26:16 16,542 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Application Data\dasih._sy.vir
2009-10-13 21:26:16 . 2009-10-13 21:26:16 17,799 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\laqoweha.bat.vir
2009-10-13 21:26:16 . 2009-10-13 21:26:16 15,609 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\kocede.com.vir
2009-10-13 21:26:16 . 2009-10-13 21:26:16 12,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\ynuru._sy.vir
2009-10-13 21:26:16 . 2009-10-13 21:26:16 18,691 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\jukujopi.com.vir
2009-10-13 21:26:15 . 2009-10-13 21:26:15 10,165 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Application Data\kipu.lib.vir
2009-10-13 21:26:15 . 2009-10-13 21:26:15 14,954 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\tigezysy.dll.vir
2009-10-13 21:26:15 . 2009-10-13 21:26:15 17,473 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\celepoxyri.db.vir
2009-10-13 21:26:15 . 2009-10-13 21:26:15 11,124 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\xypuxaveba._dl.vir
2009-10-13 21:26:15 . 2009-10-13 21:26:15 18,745 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\zewi.ban.vir
2009-10-13 21:26:15 . 2009-10-13 21:26:15 17,115 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Application Data\acity.pif.vir
2009-10-13 21:26:15 . 2009-10-13 21:26:15 11,339 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\fuwex._sy.vir
2009-10-13 21:26:15 . 2009-10-13 21:26:15 16,227 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Application Data\ifycytif.pif.vir
2009-10-13 21:26:15 . 2009-10-13 21:26:15 12,261 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\uvyrobahur.inf.vir
2009-10-13 21:26:15 . 2009-10-13 21:26:15 17,504 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\abymo.dat.vir
2009-10-13 21:26:15 . 2009-10-13 21:26:15 19,835 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\aramunab.sys.vir
2009-10-13 21:26:15 . 2009-10-13 21:26:15 11,357 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\nybaduquz.dl.vir
2009-10-13 21:26:15 . 2009-10-13 21:26:15 16,343 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Application Data\ygidati.dl.vir
2009-10-13 21:26:15 . 2009-10-13 21:26:15 14,784 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\buhotyl.dll.vir
2009-10-13 21:24:41 . 2009-10-13 21:24:17 16,384 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\IETldCache\index.dat.vir
2009-10-13 21:17:27 . 2009-10-13 21:17:27 14,949 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\etus.dll.vir
2009-10-13 21:17:27 . 2009-10-13 21:17:27 12,892 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\musuwedis.lib.vir
2009-10-13 21:17:27 . 2009-10-13 21:17:27 11,265 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\jetuc.lib.vir
2009-10-13 21:17:27 . 2009-10-13 21:17:27 18,073 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\ebixa.pif.vir
2009-10-13 21:17:27 . 2009-10-13 21:17:27 16,140 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\kicuzobyfu.bin.vir
2009-10-13 21:17:27 . 2009-10-13 21:17:27 15,973 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\tovu.bat.vir
2009-10-13 21:17:27 . 2009-10-13 21:17:27 18,415 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\taryhyzu.dl.vir
2009-10-13 21:17:27 . 2009-10-13 21:17:27 10,007 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\fifa.dll.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 13,896 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Application Data\ehucy._dl.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 12,630 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Application Data\eweziwyl.pif.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 13,708 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Application Data\otaj.dat.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 18,572 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Application Data\tulaleby.inf.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 15,677 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\iryr.reg.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 10,135 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\alybizyg.dll.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 13,852 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\ugogojep.dat.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 18,581 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\oxel.com.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 10,019 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\tuzural.inf.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 16,091 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igowyragu.bat.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 19,053 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\punujime._dl.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 15,026 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\xagarufog.dll.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 18,175 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\pusure.dll.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 13,498 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\roziturixy.reg.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 15,265 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\betetyqudi.com.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 16,870 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\fadeno.com.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 14,264 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\limudugax.reg.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 12,643 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\rapyleq.scr.vir
2009-10-13 21:17:26 . 2009-10-13 21:17:26 14,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ylopeve.reg.vir
2009-10-13 21:11:08 . 2009-10-13 21:11:08 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Wjime.bin.vir
2009-10-13 21:11:05 . 2009-10-13 21:11:05 120 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Awemodipokidupa.dat.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 15,977 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\upafuky.scr.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 14,360 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Documents\axyjofi.bat.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 16,311 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Documents\igunedyzal.vbs.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 17,907 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\hodetofyzi.inf.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 19,931 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\lobyvel.bat.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 16,688 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\ucutak.pif.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 13,196 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Documents\cujod.inf.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 14,371 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Documents\giba.inf.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 19,226 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\zaqymy.reg.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 15,866 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\ikozixuj._sy.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 12,660 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\uhatu.dl.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 15,278 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\ahir.reg.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 17,607 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\nolijazav.dat.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 18,262 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\owibikax.exe.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 10,355 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\yxago.bin.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 12,648 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\esyqysona.com.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 11,971 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\webew.inf.vir
2009-10-13 21:11:03 . 2009-10-13 21:11:03 17,963 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files\exeqyh.scr.vir
2009-10-13 21:10:59 . 2009-10-13 21:11:00 2,018 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\{11B723D6-3B1E-4746-97D8-8FE15062B264}\chrome\content\_cfg.js.vir
2009-10-13 21:10:59 . 2009-10-13 21:11:00 764 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\{11B723D6-3B1E-4746-97D8-8FE15062B264}\install.rdf.vir
2009-10-13 21:10:59 . 2009-10-13 21:10:59 122 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\{11B723D6-3B1E-4746-97D8-8FE15062B264}\chrome.manifest.vir
2009-10-12 02:44:55 . 2009-10-12 02:44:55 76,784 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\mlfcache.dat.vir
2008-11-20 20:48:44 . 2008-11-20 20:48:44 5,097,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\25a5275.msp.vir
2008-09-07 02:17:48 . 2009-10-14 00:00:37 94,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\agp440.sys.vir
2008-03-11 12:38:18 . 2006-03-21 03:23:12 23,040 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\kb913800.exe.vir
2008-01-08 20:53:32 . 2006-07-10 21:00:46 426 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system\OEMINFO.INI.vir
2007-11-15 20:30:48 . 2007-11-15 20:30:48 92,792 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinPcap\rpcapd.exe.vir
2007-11-15 20:30:48 . 2007-11-15 20:30:48 88,696 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Packet.dll.vir
2007-11-15 20:30:48 . 2007-11-15 20:30:48 68,224 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\WanPacket.dll.vir
2007-11-15 20:30:48 . 2007-11-15 20:30:48 240,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
2007-11-15 20:30:48 . 2007-11-15 20:30:48 34,064 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
2006-04-22 23:00:10 . 2006-04-22 23:00:10 53,299 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\pthreadVC.dll.vir

Please let me know whatever I can do to assist and thank you again so much!

Talk to you soon!
:(

#12 Farbar

Posted 22 October 2009 - 05:52 PM

Thank you. Those files are uploaded and removed. We would like to take a look at one of those folders and add it to the detection.

Go to Start > Run, copy/paste the following line in the Run box, and click OK.

cmd /c dir /a/s "C:\Qoobox\Quarantine" > log.txt&log.txt& del log.txt

A text file (log.txt) will be opened. Please post its content in your reply.

#13 Lillithanne

Posted 22 October 2009 - 06:07 PM

Volume in drive C has no label.
Volume Serial Number is CCC7-89B1

Directory of C:\Qoobox\Quarantine

10/22/2009 02:38 PM <DIR> .
10/22/2009 02:38 PM <DIR> ..
10/22/2009 04:14 AM <DIR> C
10/22/2009 02:27 PM 133 catchme.log
10/22/2009 02:36 PM <DIR> Registry_backups
10/22/2009 02:38 PM 204,371 [4]-Submit_2009-10-22_14.27.29.zip
2 File(s) 204,504 bytes

Directory of C:\Qoobox\Quarantine\C

10/22/2009 04:14 AM <DIR> .
10/22/2009 04:14 AM <DIR> ..
10/22/2009 04:18 AM <DIR> Documents and Settings
10/22/2009 04:18 AM <DIR> Program Files
10/22/2009 02:35 PM <DIR> WINDOWS
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Documents and Settings

10/22/2009 04:18 AM <DIR> .
10/22/2009 04:18 AM <DIR> ..
10/22/2009 04:18 AM <DIR> All Users
10/22/2009 04:18 AM <DIR> Phyllis
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Documents and Settings\All Users

10/22/2009 04:18 AM <DIR> .
10/22/2009 04:18 AM <DIR> ..
10/22/2009 04:18 AM <DIR> Application Data
10/22/2009 04:18 AM <DIR> Documents
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data

10/22/2009 04:18 AM <DIR> .
10/22/2009 04:18 AM <DIR> ..
10/13/2009 06:52 PM 13,075 ezigirakim.exe.vir
10/13/2009 04:26 PM 11,339 fuwex._sy.vir
10/13/2009 04:26 PM 16,884 nafyp._dl.vir
10/13/2009 04:26 PM 18,220 odegotiw.exe.vir
10/13/2009 04:26 PM 18,704 onemibuty.bin.vir
10/13/2009 04:11 PM 15,977 upafuky.scr.vir
10/13/2009 04:26 PM 16,071 ykudagal.sys.vir
7 File(s) 110,270 bytes

Directory of C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Documents

10/22/2009 04:18 AM <DIR> .
10/22/2009 04:18 AM <DIR> ..
10/13/2009 04:11 PM 14,360 axyjofi.bat.vir
10/13/2009 04:11 PM 13,196 cujod.inf.vir
10/13/2009 04:11 PM 14,371 giba.inf.vir
10/13/2009 04:11 PM 16,311 igunedyzal.vbs.vir
10/13/2009 06:52 PM 12,117 rivatyta.bin.vir
5 File(s) 70,355 bytes

Directory of C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis

10/22/2009 04:18 AM <DIR> .
10/22/2009 04:18 AM <DIR> ..
10/22/2009 02:35 PM <DIR> Application Data
10/22/2009 04:18 AM <DIR> Local Settings
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Application Data

10/22/2009 02:35 PM <DIR> .
10/22/2009 02:35 PM <DIR> ..
10/13/2009 04:26 PM 17,115 acity.pif.vir
10/13/2009 04:26 PM 16,542 dasih._sy.vir
10/13/2009 04:17 PM 13,896 ehucy._dl.vir
10/13/2009 04:17 PM 12,630 eweziwyl.pif.vir
10/13/2009 04:26 PM 16,227 ifycytif.pif.vir
10/13/2009 04:26 PM 10,165 kipu.lib.vir
10/13/2009 04:17 PM 13,708 otaj.dat.vir
10/13/2009 04:17 PM 18,572 tulaleby.inf.vir
10/13/2009 04:26 PM 16,343 ygidati.dl.vir
10/13/2009 06:52 PM 15,982 ylikihac.vbs.vir
10/13/2009 06:52 PM 15,533 zykelybyfo.exe.vir
11 File(s) 166,713 bytes

Directory of C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings

10/22/2009 04:18 AM <DIR> .
10/22/2009 04:18 AM <DIR> ..
10/22/2009 02:35 PM <DIR> Application Data
10/22/2009 04:18 AM <DIR> Temporary Internet Files
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data

10/22/2009 02:35 PM <DIR> .
10/22/2009 02:35 PM <DIR> ..
10/13/2009 04:11 PM 15,866 ikozixuj._sy.vir
10/13/2009 04:17 PM 15,677 iryr.reg.vir
10/13/2009 04:26 PM 18,691 jukujopi.com.vir
10/13/2009 06:52 PM 19,196 keqinoraty.ban.vir
10/13/2009 06:52 PM 13,300 kydijal.bat.vir
10/13/2009 06:52 PM 14,089 owucadob.sys.vir
10/13/2009 04:17 PM 19,053 punujime._dl.vir
10/13/2009 04:17 PM 15,973 tovu.bat.vir
10/13/2009 04:26 PM 12,261 uvyrobahur.inf.vir
10/13/2009 06:52 PM 12,333 vyqocatoqa.dl.vir
10/13/2009 04:11 PM 11,971 webew.inf.vir
10/13/2009 04:17 PM 15,026 xagarufog.dll.vir
10/22/2009 02:35 PM <DIR> {11B723D6-3B1E-4746-97D8-8FE15062B264}
12 File(s) 183,436 bytes

Directory of C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\{11B723D6-3B1E-4746-97D8-8FE15062B264}

10/22/2009 02:35 PM <DIR> .
10/22/2009 02:35 PM <DIR> ..
10/22/2009 02:35 PM <DIR> chrome
10/13/2009 04:10 PM 122 chrome.manifest.vir
10/13/2009 04:11 PM 764 install.rdf.vir
2 File(s) 886 bytes

Directory of C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\{11B723D6-3B1E-4746-97D8-8FE15062B264}\chrome

10/22/2009 02:35 PM <DIR> .
10/22/2009 02:35 PM <DIR> ..
10/22/2009 02:35 PM <DIR> content
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data\{11B723D6-3B1E-4746-97D8-8FE15062B264}\chrome\content

10/22/2009 02:35 PM <DIR> .
10/22/2009 02:35 PM <DIR> ..
10/13/2009 04:11 PM 2,018 _cfg.js.vir
1 File(s) 2,018 bytes

Directory of C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Temporary Internet Files

10/22/2009 04:18 AM <DIR> .
10/22/2009 04:18 AM <DIR> ..
10/13/2009 04:26 PM 17,504 abymo.dat.vir
10/13/2009 04:11 PM 15,278 ahir.reg.vir
10/13/2009 06:52 PM 13,639 ajumeta.sys.vir
10/13/2009 04:17 PM 10,135 alybizyg.dll.vir
10/13/2009 04:26 PM 19,835 aramunab.sys.vir
10/13/2009 04:17 PM 15,265 betetyqudi.com.vir
10/13/2009 04:11 PM 12,648 esyqysona.com.vir
10/13/2009 04:17 PM 14,949 etus.dll.vir
10/13/2009 04:11 PM 17,963 exeqyh.scr.vir
10/13/2009 06:52 PM 10,803 itum.dl.vir
10/13/2009 06:52 PM 17,947 kywal.dl.vir
10/13/2009 04:17 PM 12,892 musuwedis.lib.vir
10/13/2009 04:26 PM 11,357 nybaduquz.dl.vir
10/13/2009 04:17 PM 18,175 pusure.dll.vir
10/13/2009 04:17 PM 13,498 roziturixy.reg.vir
10/13/2009 04:26 PM 14,954 tigezysy.dll.vir
10/13/2009 04:17 PM 13,852 ugogojep.dat.vir
17 File(s) 250,694 bytes

Directory of C:\Qoobox\Quarantine\C\Program Files

10/22/2009 04:18 AM <DIR> .
10/22/2009 04:18 AM <DIR> ..
10/22/2009 02:35 PM <DIR> Common Files
10/22/2009 04:18 AM <DIR> WinPcap
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Program Files\Common Files

10/22/2009 02:35 PM <DIR> .
10/22/2009 02:35 PM <DIR> ..
10/13/2009 04:26 PM 13,114 ajewah.dl.vir
10/13/2009 04:26 PM 14,634 awolyta.vbs.vir
10/13/2009 04:26 PM 17,473 celepoxyri.db.vir
10/13/2009 06:52 PM 19,102 hecunud.ban.vir
10/13/2009 04:17 PM 11,265 jetuc.lib.vir
10/13/2009 04:26 PM 17,799 laqoweha.bat.vir
10/13/2009 04:17 PM 18,581 oxel.com.vir
10/13/2009 04:26 PM 17,175 selugyboq.lib.vir
10/13/2009 04:17 PM 18,415 taryhyzu.dl.vir
10/13/2009 04:26 PM 18,988 wevezeguf.dat.vir
10/13/2009 06:52 PM 10,505 xeji.bin.vir
10/13/2009 04:26 PM 11,124 xypuxaveba._dl.vir
10/13/2009 04:26 PM 18,745 zewi.ban.vir
13 File(s) 206,920 bytes

Directory of C:\Qoobox\Quarantine\C\Program Files\WinPcap

10/22/2009 04:18 AM <DIR> .
10/22/2009 04:18 AM <DIR> ..
11/15/2007 03:30 PM 92,792 rpcapd.exe.vir
1 File(s) 92,792 bytes

Directory of C:\Qoobox\Quarantine\C\WINDOWS

10/22/2009 02:35 PM <DIR> .
10/22/2009 02:35 PM <DIR> ..
10/13/2009 04:11 PM 120 Awemodipokidupa.dat.vir
10/13/2009 04:26 PM 14,784 buhotyl.dll.vir
10/13/2009 04:17 PM 18,073 ebixa.pif.vir
10/13/2009 06:52 PM 14,854 ekiwabubex.inf.vir
10/13/2009 04:17 PM 16,870 fadeno.com.vir
10/13/2009 04:17 PM 10,007 fifa.dll.vir
10/13/2009 06:52 PM 10,964 guxo.scr.vir
10/13/2009 04:11 PM 17,907 hodetofyzi.inf.vir
10/13/2009 06:52 PM 10,621 icyxez.dat.vir
10/13/2009 06:52 PM 15,477 ifadare.dll.vir
10/13/2009 04:26 PM 12,430 ilikonyv.dl.vir
10/22/2009 04:18 AM <DIR> Installer
10/13/2009 04:26 PM 19,722 ipytil._dl.vir
10/13/2009 06:52 PM 19,512 jive.ban.vir
03/20/2006 10:23 PM 23,040 kb913800.exe.vir
10/13/2009 04:17 PM 16,140 kicuzobyfu.bin.vir
10/13/2009 04:26 PM 15,609 kocede.com.vir
10/13/2009 04:17 PM 14,264 limudugax.reg.vir
10/13/2009 04:11 PM 17,607 nolijazav.dat.vir
10/13/2009 06:52 PM 14,587 ocyqev.dll.vir
10/13/2009 04:11 PM 18,262 owibikax.exe.vir
10/13/2009 04:17 PM 12,643 rapyleq.scr.vir
10/22/2009 04:18 AM <DIR> system
10/22/2009 02:35 PM <DIR> system32
10/13/2009 04:17 PM 10,019 tuzural.inf.vir
10/13/2009 04:11 PM 16,688 ucutak.pif.vir
10/13/2009 06:52 PM 19,134 wasixipo.inf.vir
10/13/2009 04:11 PM 0 Wjime.bin.vir
10/13/2009 06:52 PM 14,299 xocuc.bin.vir
10/13/2009 04:26 PM 12,112 ynuru._sy.vir
10/13/2009 04:11 PM 19,226 zaqymy.reg.vir
28 File(s) 404,971 bytes

Directory of C:\Qoobox\Quarantine\C\WINDOWS\Installer

10/22/2009 04:18 AM <DIR> .
10/22/2009 04:18 AM <DIR> ..
11/20/2008 03:48 PM 5,097,472 25a5275.msp.vir
1 File(s) 5,097,472 bytes

Directory of C:\Qoobox\Quarantine\C\WINDOWS\system

10/22/2009 04:18 AM <DIR> .
10/22/2009 04:18 AM <DIR> ..
07/10/2006 04:00 PM 426 OEMINFO.INI.vir
1 File(s) 426 bytes

Directory of C:\Qoobox\Quarantine\C\WINDOWS\system32

10/22/2009 02:35 PM <DIR> .
10/22/2009 02:35 PM <DIR> ..
10/22/2009 02:35 PM <DIR> config
10/22/2009 04:18 AM <DIR> drivers
10/13/2009 06:52 PM 17,137 ejuce.inf.vir
10/13/2009 06:52 PM 19,921 fiqele.exe.vir
10/13/2009 04:17 PM 16,091 igowyragu.bat.vir
10/13/2009 04:11 PM 19,931 lobyvel.bat.vir
10/11/2009 09:44 PM 76,784 mlfcache.dat.vir
10/13/2009 06:52 PM 17,487 ocifevisa.dl.vir
11/15/2007 03:30 PM 88,696 Packet.dll.vir
04/22/2006 06:00 PM 53,299 pthreadVC.dll.vir
10/13/2009 06:52 PM 19,117 ubybos.com.vir
10/13/2009 04:11 PM 12,660 uhatu.dl.vir
11/15/2007 03:30 PM 68,224 WanPacket.dll.vir
11/15/2007 03:30 PM 240,248 wpcap.dll.vir
10/13/2009 06:52 PM 18,149 wuqejyqur.bin.vir
10/13/2009 04:17 PM 14,312 ylopeve.reg.vir
10/13/2009 06:52 PM 13,717 ynesesus.ban.vir
10/13/2009 06:52 PM 12,809 yrebiluvoj.dat.vir
10/13/2009 04:11 PM 10,355 yxago.bin.vir
17 File(s) 718,937 bytes

Directory of C:\Qoobox\Quarantine\C\WINDOWS\system32\config

10/22/2009 02:35 PM <DIR> .
10/22/2009 02:35 PM <DIR> ..
10/22/2009 02:35 PM <DIR> systemprofile
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile

10/22/2009 02:35 PM <DIR> .
10/22/2009 02:35 PM <DIR> ..
10/22/2009 02:35 PM <DIR> IETldCache
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\IETldCache

10/22/2009 02:35 PM <DIR> .
10/22/2009 02:35 PM <DIR> ..
10/13/2009 04:24 PM 16,384 index.dat.vir
1 File(s) 16,384 bytes

Directory of C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers

10/22/2009 04:18 AM <DIR> .
10/22/2009 04:18 AM <DIR> ..
10/13/2009 07:00 PM 94,432 agp440.sys.vir
11/15/2007 03:30 PM 34,064 npf.sys.vir
2 File(s) 128,496 bytes

Directory of C:\Qoobox\Quarantine\Registry_backups

10/22/2009 02:36 PM <DIR> .
10/22/2009 02:36 PM <DIR> ..
10/22/2009 04:18 AM 1,372 Legacy_NPF.reg.dat
10/22/2009 04:18 AM 2,418 Service_npf.reg.dat
10/22/2009 02:33 PM 12,446 tcpip.reg
3 File(s) 16,236 bytes

Total Files Listed:
124 File(s) 7,671,510 bytes
77 Dir(s) 35,407,626,240 bytes free
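
As an added example (not part of the original thread and not ComboFix code): a small Python parser for the `dir /a/s` output requested above. It checks each directory's `File(s)` summary against the entries actually pasted and counts files per timestamp, so batches written in the same minute stand out. The function names and the trimmed sample are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in `dir /a/s` format: entries trimmed from the listing
# above, with the per-directory summary lines recomputed for the excerpt.
SAMPLE = r"""
 Directory of C:\Qoobox\Quarantine\C\WINDOWS\system32

10/22/2009 02:35 PM <DIR> .
10/22/2009 02:35 PM <DIR> ..
10/13/2009 06:52 PM 19,921 fiqele.exe.vir
10/13/2009 04:11 PM 19,931 lobyvel.bat.vir
11/15/2007 03:30 PM 88,696 Packet.dll.vir
10/13/2009 04:11 PM 12,660 uhatu.dl.vir
10/13/2009 04:11 PM 10,355 yxago.bin.vir
5 File(s) 151,563 bytes

 Directory of C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers

10/22/2009 04:18 AM <DIR> .
10/22/2009 04:18 AM <DIR> ..
11/15/2007 03:30 PM 34,064 npf.sys.vir
1 File(s) 34,064 bytes
"""

DIR_RE = re.compile(r"Directory of (.+)")
FILE_RE = re.compile(r"(\d\d/\d\d/\d{4} \d\d:\d\d [AP]M)\s+([\d,]+)\s+(.+)")
SUM_RE = re.compile(r"(\d+) File\(s\)\s+([\d,]+) bytes")

def parse_listing(text):
    """Return (files, mismatches). files holds (directory, name, size, mtime)
    tuples; mismatches lists directories whose summary line disagrees with
    the entries present, a sign the pasted log was cut or edited."""
    files, mismatches, current, count, size = [], [], None, 0, 0
    for line in map(str.strip, text.splitlines()):
        if m := DIR_RE.fullmatch(line):
            current, count, size = m.group(1), 0, 0
        elif line.startswith("Total Files Listed"):
            current = None  # the grand total follows; it is not a directory
        elif current and (m := FILE_RE.fullmatch(line)):  # <DIR> rows never match
            stamp = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M %p")
            nbytes = int(m.group(2).replace(",", ""))
            files.append((current, m.group(3), nbytes, stamp))
            count, size = count + 1, size + nbytes
        elif current and (m := SUM_RE.fullmatch(line)):
            if (int(m.group(1)), int(m.group(2).replace(",", ""))) != (count, size):
                mismatches.append(current)
    return files, mismatches

def drop_batches(files):
    """Count files per modification minute; high counts are batch writes."""
    return Counter(f[3] for f in files)
```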

#14 Lillithanne

Posted 22 October 2009 - 06:09 PM

You're welcome! :(

#15 Farbar

Posted 22 October 2009 - 06:22 PM

Please go to Start > Run. Copy and paste the following in the run box:

"C:\Qoobox\Quarantine\C\Documents and Settings\Phyllis\Local Settings\Application Data"

A folder opens up. Inside it there is a folder named: {11B723D6-3B1E-4746-97D8-8FE15062B264}

We need to zip it for uploading.
  • Right-click the folder and select Send To from the Context menu => select Compressed (zip) Folder
  • Click Yes to any prompt. A zip file will be created in the same directory where the folder is located.
  • Click on this link: http://www.bleepingcomputer.com/submit-mal....php?channel=72
  • Click Browse... and navigate to the zip file and highlight it to select.
  • Click Open.
  • You may either copy the link to this topic in the link box or write farbar in the comment box.
  • Click Send File.

Edited by farbar, 22 October 2009 - 06:22 PM.
Spelling




