
Slow with Trojan.Gen.2 virus found


  • This topic is locked
19 replies to this topic

#1 dharris


Posted 07 January 2011 - 01:52 PM

My machine appears to be infected again. I am enclosing the RSIT log. I attempted to follow the Prep Guide but the DDS.scr program was continually rebooting the machine. Thanks for the help.


Logfile of random's system information tool 1.08 (written by random/random)
Run by dharris at 2011-01-07 12:38:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (7%) free of 76 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:39:42 PM, on 1/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DYMO DiscPainter\Drivers\dyaaserv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\dharris\Desktop\RSIT.exe
C:\Program Files\trend micro\dharris.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dyaaserv.exe] "C:\Program Files\DYMO DiscPainter\Drivers\dyaaserv.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2; .NET CLR 1.1.4322; Windows-Media-Player/10.00.00.3990; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"https://secure.groovymusic.com/"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'Default user')
O4 - Startup: Shortcut to gettelemetry.lnk = KAOR Transmitter\gettelemetry.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233183208118
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233183196884
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} (SolidWorks Installation Manager Contol) - http://www.solidworks.com/sw/support/subscription/sldimdownload.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://192.236.36.147/sav10/sav-inst/departmental/webinst/webinst.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4560/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = usd.local
O17 - HKLM\Software\..\Telephony: DomainName = usd.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = usd.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = usd.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9c3534408414e) (gupdate1c9c3534408414e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe

--
End of file - 16456 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\COMODO System Cleaner Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{42B2D97E-223D-480F-8F2D-E4DC58F19058}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-03-13 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-23 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-24 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2010-09-23 320928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-24 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-24 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2009-03-13 165616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2010-09-23 320928]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-03-13 908528]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-24 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2010-06-02 115560]
"dyaaserv.exe"=C:\Program Files\DYMO DiscPainter\Drivers\dyaaserv.exe [2007-07-10 349184]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2005-06-07 1339392]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-05 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsiAsio Initialization]
ASIASIO.DLL,ShowHideRenameEntries_RunDll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime Alternative\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RssReader]
C:\Program Files\RssReader\RssReader.exe [2004-04-04 1077248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-12-20 2424560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-05 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2
"YahooAUService"=3
"Viewpoint Manager Service"=2
"Lavasoft Ad-Aware Service"=2
"FLEXnet Licensing Service"=3
"Bonjour Service"=2
"CSIScanner"=2

C:\Documents and Settings\dharris\Start Menu\Programs\Startup
Shortcut to gettelemetry.lnk - C:\Documents and Settings\dharris\My Documents\KAOR Transmitter\gettelemetry.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2010-06-01 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\SYSTEM32\Ati2evxx.dll [2005-12-11 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\SYSTEM32\igfxsrvc.dll [2003-11-18 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-27 77824]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableChangePassword"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=USD Logon Policy
"legalnoticetext"=This system is the property of The University of South Dakota (USD). This system and all users and devices utilizing it are subject to USD policies,regulations,and auditing. Use of this system constitutes acceptance of USD policy. Unauthorized use of this system is prohibited and may subject you to criminal prosecution and penalties.
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"consentpromptbehavioradmin"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoLogoff"=0x01000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=8388624
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Autodesk\backburner\monitor.exe"="C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\backburner\manager.exe"="C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\backburner\server.exe"="C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Avid\Avid Liquid 7\Program\RM.exe"="C:\Program Files\Avid\Avid Liquid 7\Program\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Avid\Avid Liquid 7\Program\StudioU.mod"="C:\Program Files\Avid\Avid Liquid 7\Program\StudioU.mod:*:Enabled:Liquid"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Reallusion\CrazyTalk 5\CT Program\CTIEMain.exe"="C:\Program Files\Reallusion\CrazyTalk 5\CT Program\CTIEMain.exe:LocalSubNet:Enabled:CrazyTalk v5.0 PRO"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Documents and Settings\dharris\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\dharris\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Symantec AntiVirus\Smc.exe"="C:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec AntiVirus\SNAC.EXE"="C:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\UltraVNC\winvnc.exe"="C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe"
"C:\Program Files\UltraVNC\vncviewer.exe"="C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

======List of files/folders created in the last 1 months======

2011-01-07 12:38:59 ----D---- C:\Program Files\trend micro
2011-01-07 12:38:57 ----D---- C:\rsit
2011-01-07 10:36:33 ----A---- C:\WINDOWS\ntbtlog.txt
2011-01-07 10:02:13 ----D---- C:\PC Repair
2011-01-06 13:34:03 ----D---- C:\Program Files\WebKut
2011-01-04 13:17:45 ----D---- C:\Documents and Settings\dharris\Application Data\Digiarty
2011-01-04 13:02:59 ----A---- C:\WINDOWS\system32\drivers\thdudf.sys
2011-01-04 13:02:21 ----D---- C:\Program Files\Digiarty
2010-12-30 17:41:51 ----D---- C:\Program Files\Panorama Tools
2010-12-30 09:53:52 ----A---- C:\WINDOWS\system32\javaws.exe
2010-12-30 09:53:52 ----A---- C:\WINDOWS\system32\javaw.exe
2010-12-30 09:53:51 ----A---- C:\WINDOWS\system32\java.exe
2010-12-24 02:03:07 ----D---- C:\WINDOWS\ie8updates
2010-12-23 09:32:30 ----HDC---- C:\WINDOWS\ie8
2010-12-21 02:06:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2010-12-18 02:07:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2010-12-18 02:07:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2010-12-18 02:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2010-12-18 02:06:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-18 02:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-18 02:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2447961_WM9L$
2010-12-18 02:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2010-12-16 16:31:50 ----D---- C:\Documents and Settings\dharris\Application Data\Yamb
2010-12-08 08:48:38 ----N---- C:\WINDOWS\system32\spmsg2.dll
2010-12-08 08:48:36 ----HDC---- C:\WINDOWS\$NtUninstallXpsEP$

======List of files/folders modified in the last 1 months======

2011-01-07 12:38:59 ----D---- C:\Program Files
2011-01-07 12:38:36 ----D---- C:\WINDOWS\Temp
2011-01-07 12:06:00 ----A---- C:\WINDOWS\ModemLog_U.S. Robotics 56K FAX EXT.txt
2011-01-07 11:53:49 ----D---- C:\WINDOWS\system32
2011-01-07 11:25:55 ----A---- C:\WINDOWS\ASIDRV.INI
2011-01-07 11:20:19 ----D---- C:\WINDOWS\security
2011-01-07 10:36:33 ----D---- C:\WINDOWS
2011-01-07 10:26:04 ----D---- C:\WINDOWS\Prefetch
2011-01-07 01:32:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-06 21:07:46 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-06 15:31:16 ----D---- C:\Documents and Settings\dharris\Application Data\vlc
2011-01-06 13:34:05 ----SHD---- C:\WINDOWS\Installer
2011-01-06 13:33:55 ----D---- C:\Program Files\Adobe
2011-01-06 13:33:52 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-01-06 11:17:01 ----D---- C:\Documents and Settings\dharris\Application Data\Barracuda Spam Firewall Outlook Add-In
2011-01-06 10:05:50 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2011-01-06 10:05:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-01-06 10:05:24 ----D---- C:\WINDOWS\system32\drivers
2011-01-06 09:31:09 ----SD---- C:\WINDOWS\Tasks
2011-01-05 11:15:51 ----D---- C:\Program Files\Common Files\TerraGo
2011-01-05 10:05:03 ----D---- C:\Program Files\Autodesk
2011-01-05 08:49:52 ----D---- C:\Program Files\Common Files\Autodesk Shared
2011-01-05 08:49:52 ----D---- C:\Program Files\Common Files
2011-01-05 08:47:41 ----D---- C:\Documents and Settings\dharris\Application Data\Autodesk
2011-01-04 13:22:02 ----D---- C:\Documents and Settings\dharris\Application Data\dvdcss
2011-01-04 13:03:26 ----HD---- C:\WINDOWS\inf
2011-01-04 13:01:38 ----D---- C:\KAOR
2011-01-04 12:58:58 ----D---- C:\Documents and Settings\dharris\Application Data\CoreFTP
2011-01-04 10:20:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-03 16:00:00 ----D---- C:\Documents and Settings\dharris\Application Data\WeatherBug
2010-12-30 09:51:43 ----D---- C:\Program Files\Java
2010-12-27 11:04:15 ----D---- C:\Program Files\X-Sheet Invoicing
2010-12-25 02:05:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-25 02:05:18 ----D---- C:\Program Files\Internet Explorer
2010-12-25 02:05:13 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-25 02:05:08 ----A---- C:\WINDOWS\imsins.BAK
2010-12-23 10:22:42 ----D---- C:\WINDOWS\system32\en-us
2010-12-23 10:22:41 ----D---- C:\WINDOWS\Media
2010-12-23 10:22:41 ----D---- C:\WINDOWS\Help
2010-12-21 10:07:09 ----A---- C:\WINDOWS\WebUpdateSvc4.INI
2010-12-21 02:00:51 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-20 08:41:51 ----D---- C:\Program Files\SUPERAntiSpyware
2010-12-18 02:03:37 ----AD---- C:\Program Files\Outlook Express
2010-12-08 09:06:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-12-08 08:48:07 ----D---- C:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\DRIVERS\drvmcdb.sys [2000-10-21 70480]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-04-27 45648]
R0 pxscan;pxscan; C:\WINDOWS\System32\drivers\pxscan.sys [2009-04-30 22024]
R0 pxsec;pxsec; C:\WINDOWS\System32\drivers\pxsec.sys [2009-04-30 27656]
R0 sbp2port;SBP-2 Transport/Protocol Bus Driver; C:\WINDOWS\system32\DRIVERS\sbp2port.sys [2008-04-14 43904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-06-05 30556]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2010-06-02 283184]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2010-06-02 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-10-22 188080]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-22 23936]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 Stltrk2k;Stltrk2k; C:\WINDOWS\system32\drivers\Stltrk2k.sys [2000-04-11 13806]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver; C:\WINDOWS\system32\DRIVERS\thdudf.sys [2010-12-29 66944]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2001-09-26 67072]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\system32\drivers\Asapiw2k.sys [2005-01-10 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-11 1414656]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-08-14 125952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 fcdabus;fcdabus; C:\WINDOWS\system32\DRIVERS\fcdabus.sys [2003-08-07 10899]
R3 fsRamDsk;RamDisk Drive Service; C:\WINDOWS\System32\Drivers\fsRamDsk.sys [2004-09-22 37409]
R3 FVDSCSI;FVDSCSI; C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2004-09-08 72478]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
R3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\E.tmp []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110106.036\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110106.036\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-01-19 10368]
R3 sbpci;Sound Blaster AudioPCI 128D Driver (WDM); C:\WINDOWS\system32\drivers\sbpci.sys [2002-10-28 465536]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-10-22 26416]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []
S2 ASIHPIWN;AudioScience HPI Kernel Driver (WDM); C:\WINDOWS\system32\DRIVERS\ASIHPIWN.SYS [2007-07-24 138880]
S2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
S2 DYUSB;DiscPainter Status Monitor Driver; C:\WINDOWS\System32\Drivers\dyaastat.sys [2007-07-10 12544]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S2 MKEMUSB;Panasonic Digital Palmcorder; C:\WINDOWS\System32\Drivers\Mkemusb.sys [2001-08-08 14308]
S2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-11-20 122110]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-11-20 99002]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 CA561;ICatch (VI) PC Camera; C:\WINDOWS\System32\Drivers\SPCA561.SYS [2002-10-01 119798]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2003-11-13 645360]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-11-13 366160]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2003-11-12 333600]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2003-11-13 6096]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2003-11-13 130288]
S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder; C:\WINDOWS\System32\Drivers\Mkeusbi.sys [2001-12-18 41729]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-02-25 139776]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2003-11-13 145488]
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 EUSBMSD;eUSB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\EUSBMSD.SYS [2000-03-21 49235]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2003-11-13 904496]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-04-12 26056]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2003-11-13 148432]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\System32\DRIVERS\HidBatt.sys [2008-04-14 20352]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-11-20 95579]
S3 ICAM3NT5;Intel USB Video Camera III; C:\WINDOWS\System32\Drivers\Icam3.sys [2001-08-17 141056]
S3 ICDUSB2;Sony IC Recorder (P); C:\WINDOWS\System32\Drivers\ICDUSB2.sys [2002-11-28 39048]
S3 IntelC51;IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [2003-07-16 1075685]
S3 IntelC52;IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [2003-07-16 481305]
S3 IntelC53;IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [2003-07-16 50805]
S3 lgatbus;LG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\lgatbus.sys [2006-05-20 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\lgatmdm.sys [2006-05-20 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM); C:\WINDOWS\system32\DRIVERS\lgatserd.sys [2006-05-20 60816]
S3 mohfilt;mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [2003-07-16 31440]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 mv2;mv2; C:\WINDOWS\system32\DRIVERS\mv2.sys [2010-05-06 10688]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-11-17 1618939]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-11-13 178672]
S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-03-24 7808]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-03-18 542976]
S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2010-06-02 320944]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 MDFSYSNT;MacDrive file system driver; C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2007-06-14 276096]
S4 MDPMGRNT;MDPMGRNT; C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2007-02-28 19072]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2010-06-02 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2010-06-02 108392]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
R2 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2001-08-23 19456]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec AntiVirus\Smc.exe [2010-06-02 1881368]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2010-06-02 1831024]
R2 uvnc_service;uvnc_service; C:\Program Files\UltraVNC\WinVNC.exe [2009-12-06 1590216]
R2 WebUpdate4;Web Update Wizard Service V4; C:\WINDOWS\system32\WebUpdateSvc4.exe [2007-11-01 237784]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-12-11 520192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9c3534408414e;Google Update Service (gupdate1c9c3534408414e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-07-14 72704]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-04-08 867080]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-07-09 182768]
S3 ICDSPTSV;Sony SPTI Service for DVE; C:\WINDOWS\system32\IcdSptSv.exe [2003-04-01 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2010-02-17 3093880]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-06-30 79360]
S3 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-11 393216]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2009-04-30 4368952]
S4 MacDriveService;MacDriveService; C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-10-26 335872]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-25 45408]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-10-26 2799808]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NVSvc;NVSvc; C:\WINDOWS\System32\nvsvc32.exe [2003-11-17 77824]
S4 SNAC;Symantec Network Access Control; C:\Program Files\Symantec AntiVirus\SNAC.EXE [2010-06-02 349512]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-25 239968]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
S4 x10nets;x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S4 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

-----------------EOF-----------------

After doing some additional cleaning and checking, I have found that my virus notification from Symantec Endpoint pops up when I start up Malwarebytes. When I disable the realtime protection I don't get the virus warning. I will run a few more scans and see if anything comes up.

I ran an ESET online scan and nothing came up. Then when I looked at the machine this morning, there was a virus found again. It indicated another Trojan.Gen.2 and the file found was another DWH####.temp file. I still think it has something to do with a false positive in Symantec Endpoint but I can't seem to find the right information to confirm that.

If anyone has any ideas I would be glad to hear them.

Thank you.

Merged 3 posts. ~ OB

Attached Files

  • Attached File  info.txt   48.66KB   0 downloads

Edited by Orange Blossom, 08 January 2011 - 10:07 PM.




#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:08:35 AM

Posted 12 January 2011 - 03:10 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 dharris

dharris
  • Topic Starter

  • Members
  • 27 posts
  • Local time:03:35 AM

Posted 12 January 2011 - 03:50 PM

Here is my latest DDS file.

I am still having issues.

The GMER program will not scan. It gets into the scan and the machine will reboot.



DDS (Ver_10-12-12.01) - NTFSx86
Run by dharris at 14:31:54.86 on Wed 01/12/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1343 [GMT -6:00]

AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DYMO DiscPainter\Drivers\dyaaserv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\dharris\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: Bonjour: {9999a076-a9e2-4c99-8a2b-632fc9429223} - c:\program files\bonjour\ExplorerPlugin.dll
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2; .NET CLR 1.1.4322; Windows-Media-Player/10.00.00.3990; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"https://secure.groovymusic.com/"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [dyaaserv.exe] "c:\program files\dymo discpainter\drivers\dyaaserv.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [WMC_WMPDBExport] c:\program files\windows media player\wmdbexport.exe
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
StartupFolder: c:\docume~1\dharris\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\dharris\my documents\kaor transmitter\gettelemetry.exe
uPolicies-explorer: NoLogoff = 01000000
uPolicies-system: DisableChangePassword = 1 (0x1)
mPolicies-system: consentpromptbehavioradmin = 0 (0x0)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15030/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233183208118
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233183196884
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38093.4033101852
DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} - hxxp://www.solidworks.com/sw/support/subscription/sldimdownload.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} - hxxp://192.236.36.147/sav10/sav-inst/departmental/webinst/webinst.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4560/mcfscan.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15030/CTPID.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dharris\applic~1\mozilla\firefox\profiles\pj2vw6vc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint_03000F10.dll
FF - plugin: c:\windows\system32\photosynth\nppsynth.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\docume~1\dharris\applic~1\mozilla\firefox\profiles\pj2vw6vc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\docume~1\dharris\applic~1\mozilla\firefox\profiles\pj2vw6vc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\dharris\applic~1\mozilla\firefox\profiles\pj2vw6vc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\docume~1\dharris\applic~1\mozilla\firefox\profiles\pj2vw6vc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-2-26 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-4-18 27656]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 67656]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-1-11 18816]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-29 98392]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-6-2 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-6-2 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2010-6-2 1831024]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2011-1-4 66944]
R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2010-5-6 1590216]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-11-1 237784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-1 102448]
R3 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [2005-12-20 72478]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110112.002\NAVENG.SYS [2011-1-12 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110112.002\NAVEX15.SYS [2011-1-12 1360760]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 ASIHPIWN;AudioScience HPI Kernel Driver (WDM);c:\windows\system32\drivers\ASIHPIWN.SYS [2007-8-10 138880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DYUSB;DiscPainter Status Monitor Driver;c:\windows\system32\drivers\dyaastat.sys [2007-7-10 12544]
S2 gupdate1c9c3534408414e;Google Update Service (gupdate1c9c3534408414e);c:\program files\google\update\GoogleUpdate.exe [2009-4-22 133104]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2006-10-11 39048]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2007-3-28 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2007-3-28 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [2007-3-28 60816]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4b64.tmp --> c:\windows\system32\4B64.tmp [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-5-6 10688]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S3 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-1-20 1373480]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-23 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-2-26 4368952]
S4 MacDriveService;MacDriveService;c:\program files\mediafour\macdrive 7\MacDriveService.exe [2007-5-1 143360]
S4 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-6-14 276096]
S4 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-2-28 19072]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-10-26 2799808]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-7-23 24652]

=============== Created Last 30 ================

2011-01-11 19:08:14 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-01-07 18:38:59 -------- d-----w- c:\program files\trend micro
2011-01-07 16:02:13 -------- d-----w- C:\PC Repair
2011-01-06 19:34:03 -------- d-----w- c:\program files\WebKut
2011-01-04 19:17:45 -------- d-----w- c:\docume~1\dharris\applic~1\Digiarty
2011-01-04 19:02:59 66944 ----a-w- c:\windows\system32\drivers\thdudf.sys
2011-01-04 19:02:21 -------- d-----w- c:\program files\Digiarty
2010-12-30 23:41:51 -------- d-----w- c:\program files\Panorama Tools
2010-12-30 15:53:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-28 16:22:37 -------- d-----w- c:\docume~1\dharris\locals~1\applic~1\Sunbelt Software
2010-12-27 15:39:49 -------- d-sh--w- c:\documents and settings\dharris\IECompatCache
2010-12-24 23:09:46 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-12-24 23:09:40 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-24 08:03:07 -------- d-----w- c:\windows\ie8updates
2010-12-24 04:46:45 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-24 04:46:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-23 16:47:04 -------- d-sh--w- c:\documents and settings\dharris\PrivacIE
2010-12-23 16:37:07 -------- d-sh--w- c:\documents and settings\dharris\IETldCache
2010-12-23 15:32:30 -------- dc-h--w- c:\windows\ie8
2010-12-21 03:59:00 95672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-12-17 17:12:07 81920 -c----w- c:\windows\system32\dllcache\isign32.dll
2010-12-17 17:12:06 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-17 17:11:37 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-16 22:31:50 -------- d-----w- c:\docume~1\dharris\applic~1\Yamb

==================== Find3M ====================

2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-30 22:38:23 47624 ----a-w- c:\windows\system32\wuwuninst.exe
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-13 00:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2009-05-15 02:02:10 3392872 ----a-w- c:\program files\common files\adlmint_libFNP.dll
2009-05-15 02:02:10 3298152 ----a-w- c:\program files\common files\adlmint.dll
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2007-12-17 13:43:00 27648 --sha-w- c:\windows\system32\Smab0.dll

============= FINISH: 14:35:07.80 ===============

#4 gringo_pr

Malware Response Team

Posted 13 January 2011 - 08:58 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 dharris

Topic Starter

Posted 13 January 2011 - 10:56 AM

Here is my ComboFix log. The machine still had a DWH#### virus warning from Symantec Endpoint Protection this morning when I came in. The computer seems to operate up to speed for the most part. I just keep getting the virus warnings.




ComboFix 11-01-12.04 - dharris 01/13/2011 9:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1455 [GMT -6:00]
Running from: c:\documents and settings\dharris\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Microsoft
c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat
c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat
c:\documents and settings\dharris\Application Data\inst.exe
c:\documents and settings\dharris\filter.exe
c:\program files\Internet Explorer\SET3236.tmp
c:\program files\Internet Explorer\SET5E8.tmp
c:\program files\Internet Explorer\SET781.tmp
c:\program files\Internet Explorer\SETCA0.tmp
c:\program files\Search Settings
c:\program files\Search Settings\kb125\res\ErrorPageTemplate.css
c:\program files\Search Settings\kb125\res\help.gif
c:\program files\Search Settings\kb125\res\pixel.gif
c:\program files\Search Settings\kb125\res\tab_icon.png
c:\program files\Search Settings\kb125\res\tabdata.js
c:\program files\Search Settings\kb125\res\tablib.js
c:\program files\Search Settings\kb125\res\tabwelcome_en.html
c:\program files\Search Settings\kb125\res\toolbar_background.gif
c:\program files\Search Settings\kb125\res\vista_directions.png
c:\program files\Search Settings\kb125\res\xp_directions.png
c:\program files\Search Settings\kb125\res\yahoo_search.gif
c:\program files\Search Settings\SearchSettings.exe
c:\windows\ads.js
c:\windows\Downloaded Program Files\webinst.dll
c:\windows\system32\_004761_.tmp.dll
c:\windows\system32\_004762_.tmp.dll
c:\windows\system32\_004763_.tmp.dll
c:\windows\system32\_004764_.tmp.dll
c:\windows\system32\_004765_.tmp.dll
c:\windows\system32\_004766_.tmp.dll
c:\windows\system32\_004767_.tmp.dll
c:\windows\system32\_004768_.tmp.dll
c:\windows\system32\_004769_.tmp.dll
c:\windows\system32\_004770_.tmp.dll
c:\windows\system32\_004771_.tmp.dll
c:\windows\system32\_004772_.tmp.dll
c:\windows\system32\_004773_.tmp.dll
c:\windows\system32\_004774_.tmp.dll
c:\windows\system32\_004775_.tmp.dll
c:\windows\system32\_004776_.tmp.dll
c:\windows\system32\_004777_.tmp.dll
c:\windows\system32\_004778_.tmp.dll
c:\windows\system32\_004779_.tmp.dll
c:\windows\system32\_004780_.tmp.dll
c:\windows\system32\_004781_.tmp.dll
c:\windows\system32\_004782_.tmp.dll
c:\windows\system32\_004783_.tmp.dll
c:\windows\system32\_004784_.tmp.dll
c:\windows\system32\_004785_.tmp.dll
c:\windows\system32\_004786_.tmp.dll
c:\windows\system32\_004787_.tmp.dll
c:\windows\system32\_004788_.tmp.dll
c:\windows\system32\_004789_.tmp.dll
c:\windows\system32\_004790_.tmp.dll
c:\windows\system32\_004791_.tmp.dll
c:\windows\system32\_004792_.tmp.dll
c:\windows\system32\_004793_.tmp.dll
c:\windows\system32\_004794_.tmp.dll
c:\windows\system32\_004795_.tmp.dll
c:\windows\system32\_004796_.tmp.dll
c:\windows\system32\_004797_.tmp.dll
c:\windows\system32\_004798_.tmp.dll
c:\windows\system32\_004799_.tmp.dll
c:\windows\system32\_004800_.tmp.dll
c:\windows\system32\_004801_.tmp.dll
c:\windows\system32\_004802_.tmp.dll
c:\windows\system32\_004803_.tmp.dll
c:\windows\system32\_004804_.tmp.dll
c:\windows\system32\_004805_.tmp.dll
c:\windows\system32\_004806_.tmp.dll
c:\windows\system32\_004807_.tmp.dll
c:\windows\system32\_004808_.tmp.dll
c:\windows\system32\_004809_.tmp.dll
c:\windows\system32\_004810_.tmp.dll
c:\windows\system32\_004811_.tmp.dll
c:\windows\system32\_004812_.tmp.dll
c:\windows\system32\_004813_.tmp.dll
c:\windows\system32\_004814_.tmp.dll
c:\windows\system32\_004815_.tmp.dll
c:\windows\system32\_004816_.tmp.dll
c:\windows\system32\_004817_.tmp.dll
c:\windows\system32\_004818_.tmp.dll
c:\windows\system32\_004819_.tmp.dll
c:\windows\system32\_004820_.tmp.dll
c:\windows\system32\_004821_.tmp.dll
c:\windows\system32\_004822_.tmp.dll
c:\windows\system32\_004823_.tmp.dll
c:\windows\system32\_004824_.tmp.dll
c:\windows\system32\_004825_.tmp.dll
c:\windows\system32\_004826_.tmp.dll
c:\windows\system32\_004827_.tmp.dll
c:\windows\system32\_004828_.tmp.dll
c:\windows\system32\_004829_.tmp.dll
c:\windows\system32\_004830_.tmp.dll
c:\windows\system32\_004831_.tmp.dll
c:\windows\system32\_004832_.tmp.dll
c:\windows\system32\_004833_.tmp.dll
c:\windows\system32\_004834_.tmp.dll
c:\windows\system32\_004835_.tmp.dll
c:\windows\system32\_004836_.tmp.dll
c:\windows\system32\_004837_.tmp.dll
c:\windows\system32\_004838_.tmp.dll
c:\windows\system32\_004839_.tmp.dll
c:\windows\system32\_004840_.tmp.dll
c:\windows\system32\_004841_.tmp.dll
c:\windows\system32\_004842_.tmp.dll
c:\windows\system32\_004843_.tmp.dll
c:\windows\system32\_004844_.tmp.dll
c:\windows\system32\_004845_.tmp.dll
c:\windows\system32\_004846_.tmp.dll
c:\windows\system32\_004847_.tmp.dll
c:\windows\system32\_004848_.tmp.dll
c:\windows\system32\_004849_.tmp.dll
c:\windows\system32\_004850_.tmp.dll
c:\windows\system32\_004851_.tmp.dll
c:\windows\system32\_004852_.tmp.dll
c:\windows\system32\_004854_.tmp.dll
c:\windows\system32\_004855_.tmp.dll
c:\windows\system32\_004856_.tmp.dll
c:\windows\system32\_004857_.tmp.dll
c:\windows\system32\_004858_.tmp.dll
c:\windows\system32\_004859_.tmp.dll
c:\windows\system32\_004860_.tmp.dll
c:\windows\system32\_004861_.tmp.dll
c:\windows\system32\_004863_.tmp.dll
c:\windows\system32\_004864_.tmp.dll
c:\windows\system32\_004865_.tmp.dll
c:\windows\system32\_004866_.tmp.dll
c:\windows\system32\_004867_.tmp.dll
c:\windows\system32\_004868_.tmp.dll
c:\windows\system32\_004869_.tmp.dll
c:\windows\system32\_004870_.tmp.dll
c:\windows\system32\_004871_.tmp.dll
c:\windows\system32\_004872_.tmp.dll
c:\windows\system32\_004873_.tmp.dll
c:\windows\system32\_004874_.tmp.dll
c:\windows\system32\_004875_.tmp.dll
c:\windows\system32\_004876_.tmp.dll
c:\windows\system32\_004877_.tmp.dll
c:\windows\system32\_004878_.tmp.dll
c:\windows\system32\_004879_.tmp.dll
c:\windows\system32\_004880_.tmp.dll
c:\windows\system32\_004882_.tmp.dll
c:\windows\system32\_004883_.tmp.dll
c:\windows\system32\_004884_.tmp.dll
c:\windows\system32\_004885_.tmp.dll
c:\windows\system32\_004886_.tmp.dll
c:\windows\system32\_004888_.tmp.dll
c:\windows\system32\_004889_.tmp.dll
c:\windows\system32\_004891_.tmp.dll
c:\windows\system32\_004892_.tmp.dll
c:\windows\system32\_004893_.tmp.dll
c:\windows\system32\_004894_.tmp.dll
c:\windows\system32\_004895_.tmp.dll
c:\windows\system32\_004896_.tmp.dll
c:\windows\system32\_004897_.tmp.dll
c:\windows\system32\_004898_.tmp.dll
c:\windows\system32\_004899_.tmp.dll
c:\windows\system32\_004900_.tmp.dll
c:\windows\system32\_004901_.tmp.dll
c:\windows\system32\_004903_.tmp.dll
c:\windows\system32\_004904_.tmp.dll
c:\windows\system32\_004905_.tmp.dll
c:\windows\system32\_004906_.tmp.dll
c:\windows\system32\_004907_.tmp.dll
c:\windows\system32\_004908_.tmp.dll
c:\windows\system32\_004909_.tmp.dll
c:\windows\system32\_004910_.tmp.dll
c:\windows\system32\_004911_.tmp.dll
c:\windows\system32\_004912_.tmp.dll
c:\windows\system32\_004913_.tmp.dll
c:\windows\system32\_004914_.tmp.dll
c:\windows\system32\_004916_.tmp.dll
c:\windows\system32\_004917_.tmp.dll
c:\windows\system32\_004918_.tmp.dll
c:\windows\system32\_004919_.tmp.dll
c:\windows\system32\_004921_.tmp.dll
c:\windows\system32\_004923_.tmp.dll
c:\windows\system32\_004924_.tmp.dll
c:\windows\system32\_004925_.tmp.dll
c:\windows\system32\_004926_.tmp.dll
c:\windows\system32\_004927_.tmp.dll
c:\windows\system32\_004928_.tmp.dll
c:\windows\system32\_004929_.tmp.dll
c:\windows\system32\_004930_.tmp.dll
c:\windows\system32\_004932_.tmp.dll
c:\windows\system32\_004933_.tmp.dll
c:\windows\system32\_004934_.tmp.dll
c:\windows\system32\_004935_.tmp.dll
c:\windows\system32\_004936_.tmp.dll
c:\windows\system32\_004937_.tmp.dll
c:\windows\system32\_004938_.tmp.dll
c:\windows\system32\_004939_.tmp.dll
c:\windows\system32\_004941_.tmp.dll
c:\windows\system32\_004942_.tmp.dll
c:\windows\system32\_004943_.tmp.dll
c:\windows\system32\_004944_.tmp.dll
c:\windows\system32\_004945_.tmp.dll
c:\windows\system32\_004947_.tmp.dll
c:\windows\system32\_004948_.tmp.dll
c:\windows\system32\_004952_.tmp.dll
c:\windows\system32\_004953_.tmp.dll
c:\windows\system32\_004955_.tmp.dll
c:\windows\system32\_004957_.tmp.dll
c:\windows\system32\_004958_.tmp.dll
c:\windows\system32\_004960_.tmp.dll
c:\windows\system32\_004961_.tmp.dll
c:\windows\system32\_004962_.tmp.dll
c:\windows\system32\_004963_.tmp.dll
c:\windows\system32\_004966_.tmp.dll
c:\windows\system32\_004967_.tmp.dll
c:\windows\system32\_004968_.tmp.dll
c:\windows\system32\_004969_.tmp.dll
c:\windows\system32\_004970_.tmp.dll
c:\windows\system32\_004975_.tmp.dll
c:\windows\system32\_004977_.tmp.dll
c:\windows\system32\_004978_.tmp.dll
c:\windows\system32\_004995_.tmp.dll
c:\windows\system32\_004996_.tmp.dll
c:\windows\system32\_004997_.tmp.dll
c:\windows\system32\_004998_.tmp.dll
c:\windows\system32\_005005_.tmp.dll
c:\windows\system32\_005006_.tmp.dll
c:\windows\system32\_005007_.tmp.dll
c:\windows\system32\_005008_.tmp.dll
c:\windows\system32\_005009_.tmp.dll
c:\windows\system32\_005010_.tmp.dll
c:\windows\system32\_005011_.tmp.dll
c:\windows\system32\_005012_.tmp.dll
c:\windows\system32\_005013_.tmp.dll
c:\windows\system32\_005014_.tmp.dll
c:\windows\system32\_005015_.tmp.dll
c:\windows\system32\_005016_.tmp.dll
c:\windows\system32\_005017_.tmp.dll
c:\windows\system32\_005018_.tmp.dll
c:\windows\system32\_005020_.tmp.dll
c:\windows\system32\_005021_.tmp.dll
c:\windows\system32\_005023_.tmp.dll
c:\windows\system32\_005024_.tmp.dll
c:\windows\system32\_005026_.tmp.dll
c:\windows\system32\_005027_.tmp.dll
c:\windows\system32\_005028_.tmp.dll
c:\windows\system32\_005029_.tmp.dll
c:\windows\system32\_005030_.tmp.dll
c:\windows\system32\_005031_.tmp.dll
c:\windows\system32\_005032_.tmp.dll
c:\windows\system32\_005033_.tmp.dll
c:\windows\system32\_005034_.tmp.dll
c:\windows\system32\_005035_.tmp.dll
c:\windows\system32\_005036_.tmp.dll
c:\windows\system32\_005037_.tmp.dll
c:\windows\system32\_005038_.tmp.dll
c:\windows\system32\_005039_.tmp.dll
c:\windows\system32\_005040_.tmp.dll
c:\windows\system32\_005041_.tmp.dll
c:\windows\system32\_005042_.tmp.dll
c:\windows\system32\_005043_.tmp.dll
c:\windows\system32\_005044_.tmp.dll
c:\windows\system32\_005045_.tmp.dll
c:\windows\system32\_005046_.tmp.dll
c:\windows\system32\_005047_.tmp.dll
c:\windows\system32\_005048_.tmp.dll
c:\windows\system32\_005049_.tmp.dll
c:\windows\system32\_005050_.tmp.dll
c:\windows\system32\_005051_.tmp.dll
c:\windows\system32\_005052_.tmp.dll
c:\windows\system32\_005053_.tmp.dll
c:\windows\system32\_005054_.tmp.dll
c:\windows\system32\_005055_.tmp.dll
c:\windows\system32\_005056_.tmp.dll
c:\windows\system32\_005057_.tmp.dll
c:\windows\system32\_005058_.tmp.dll
c:\windows\system32\_005059_.tmp.dll
c:\windows\system32\_005060_.tmp.dll
c:\windows\system32\_005061_.tmp.dll
c:\windows\system32\_005064_.tmp.dll
c:\windows\system32\_005065_.tmp.dll
c:\windows\system32\_005066_.tmp.dll
c:\windows\system32\_005067_.tmp.dll
c:\windows\system32\_005068_.tmp.dll
c:\windows\system32\_005069_.tmp.dll
c:\windows\system32\_005070_.tmp.dll
c:\windows\system32\_005072_.tmp.dll
c:\windows\system32\_005073_.tmp.dll
c:\windows\system32\_005074_.tmp.dll
c:\windows\system32\_005075_.tmp.dll
c:\windows\system32\_005076_.tmp.dll
c:\windows\system32\_005077_.tmp.dll
c:\windows\system32\_005078_.tmp.dll
c:\windows\system32\_005079_.tmp.dll
c:\windows\system32\_005080_.tmp.dll
c:\windows\system32\_005083_.tmp.dll
c:\windows\system32\_005084_.tmp.dll
c:\windows\system32\_005085_.tmp.dll
c:\windows\system32\_005086_.tmp.dll
c:\windows\system32\_005087_.tmp.dll
c:\windows\system32\_005088_.tmp.dll
c:\windows\system32\_005089_.tmp.dll
c:\windows\system32\_005091_.tmp.dll
c:\windows\system32\_005092_.tmp.dll
c:\windows\system32\_005093_.tmp.dll
c:\windows\system32\_005094_.tmp.dll
c:\windows\system32\_005095_.tmp.dll
c:\windows\system32\_005096_.tmp.dll
c:\windows\system32\_005097_.tmp.dll
c:\windows\system32\_005098_.tmp.dll
c:\windows\system32\_005099_.tmp.dll
c:\windows\system32\_005100_.tmp.dll
c:\windows\system32\_005101_.tmp.dll
c:\windows\system32\_005102_.tmp.dll
c:\windows\system32\_005104_.tmp.dll
c:\windows\system32\_005105_.tmp.dll
c:\windows\system32\_005106_.tmp.dll
c:\windows\system32\_005107_.tmp.dll
c:\windows\system32\_005108_.tmp.dll
c:\windows\system32\_005109_.tmp.dll
c:\windows\system32\_005110_.tmp.dll
c:\windows\system32\_005111_.tmp.dll
c:\windows\system32\_005112_.tmp.dll
c:\windows\system32\_005113_.tmp.dll
c:\windows\system32\_005114_.tmp.dll
c:\windows\system32\_005115_.tmp.dll
c:\windows\system32\_005116_.tmp.dll
c:\windows\system32\_005117_.tmp.dll
c:\windows\system32\_005118_.tmp.dll
c:\windows\system32\_005119_.tmp.dll
c:\windows\system32\_005120_.tmp.dll
c:\windows\system32\_005121_.tmp.dll
c:\windows\system32\_005122_.tmp.dll
c:\windows\system32\_005123_.tmp.dll
c:\windows\system32\_005124_.tmp.dll
c:\windows\system32\_005125_.tmp.dll
c:\windows\system32\_005126_.tmp.dll
c:\windows\system32\_005127_.tmp.dll
c:\windows\system32\_005128_.tmp.dll
c:\windows\system32\_005129_.tmp.dll
c:\windows\system32\_005130_.tmp.dll
c:\windows\system32\_005131_.tmp.dll
c:\windows\system32\_005132_.tmp.dll
c:\windows\system32\_005133_.tmp.dll
c:\windows\system32\_005134_.tmp.dll
c:\windows\system32\_005135_.tmp.dll
c:\windows\system32\_005136_.tmp.dll
c:\windows\system32\_005137_.tmp.dll
c:\windows\system32\_005138_.tmp.dll
c:\windows\system32\_005139_.tmp.dll
c:\windows\system32\_005140_.tmp.dll
c:\windows\system32\_005141_.tmp.dll
c:\windows\system32\_005142_.tmp.dll
c:\windows\system32\_005143_.tmp.dll
c:\windows\system32\_005144_.tmp.dll
c:\windows\system32\_005145_.tmp.dll
c:\windows\system32\_005146_.tmp.dll
c:\windows\system32\_005147_.tmp.dll
c:\windows\system32\_005148_.tmp.dll
c:\windows\system32\_005149_.tmp.dll
c:\windows\system32\_005150_.tmp.dll
c:\windows\system32\_005151_.tmp.dll
c:\windows\system32\_005152_.tmp.dll
c:\windows\system32\_005153_.tmp.dll
c:\windows\system32\_005154_.tmp.dll
c:\windows\system32\_005155_.tmp.dll
c:\windows\system32\_005156_.tmp.dll
c:\windows\system32\_005157_.tmp.dll
c:\windows\system32\_005158_.tmp.dll
c:\windows\system32\_005159_.tmp.dll
c:\windows\system32\_005160_.tmp.dll
c:\windows\system32\_005161_.tmp.dll
c:\windows\system32\_005163_.tmp.dll
c:\windows\system32\_005164_.tmp.dll
c:\windows\system32\_005165_.tmp.dll
c:\windows\system32\_005166_.tmp.dll
c:\windows\system32\_005167_.tmp.dll
c:\windows\system32\_005169_.tmp.dll
c:\windows\system32\_005170_.tmp.dll
c:\windows\system32\_005171_.tmp.dll
c:\windows\system32\_005172_.tmp.dll
c:\windows\system32\_005173_.tmp.dll
c:\windows\system32\_005174_.tmp.dll
c:\windows\system32\_005175_.tmp.dll
c:\windows\system32\_005176_.tmp.dll
c:\windows\system32\_005177_.tmp.dll
c:\windows\system32\_005179_.tmp.dll
c:\windows\system32\_005180_.tmp.dll
c:\windows\system32\_005181_.tmp.dll
c:\windows\system32\_005182_.tmp.dll
c:\windows\system32\_005184_.tmp.dll
c:\windows\system32\_005186_.tmp.dll
c:\windows\system32\_005187_.tmp.dll
c:\windows\system32\_005188_.tmp.dll
c:\windows\system32\_005189_.tmp.dll
c:\windows\system32\_005190_.tmp.dll
c:\windows\system32\_005191_.tmp.dll
c:\windows\system32\_005192_.tmp.dll
c:\windows\system32\_005193_.tmp.dll
c:\windows\system32\_005195_.tmp.dll
c:\windows\system32\_005196_.tmp.dll
c:\windows\system32\_005197_.tmp.dll
c:\windows\system32\_005198_.tmp.dll
c:\windows\system32\_005199_.tmp.dll
c:\windows\system32\_005200_.tmp.dll
c:\windows\system32\_005201_.tmp.dll
c:\windows\system32\_005202_.tmp.dll
c:\windows\system32\_005203_.tmp.dll
c:\windows\system32\_005204_.tmp.dll
c:\windows\system32\_005205_.tmp.dll
c:\windows\system32\_005206_.tmp.dll
c:\windows\system32\_005207_.tmp.dll
c:\windows\system32\_005208_.tmp.dll
c:\windows\system32\_005209_.tmp.dll
c:\windows\system32\_005210_.tmp.dll
c:\windows\system32\_005211_.tmp.dll
c:\windows\system32\_005213_.tmp.dll
c:\windows\system32\_005214_.tmp.dll
c:\windows\system32\_005215_.tmp.dll
c:\windows\system32\_005216_.tmp.dll
c:\windows\system32\_005218_.tmp.dll
c:\windows\system32\_005220_.tmp.dll
c:\windows\system32\_005221_.tmp.dll
c:\windows\system32\_005222_.tmp.dll
c:\windows\system32\_005223_.tmp.dll
c:\windows\system32\_005224_.tmp.dll
c:\windows\system32\_005225_.tmp.dll
c:\windows\system32\_005226_.tmp.dll
c:\windows\system32\_005227_.tmp.dll
c:\windows\system32\_005229_.tmp.dll
c:\windows\system32\_005230_.tmp.dll
c:\windows\system32\_005231_.tmp.dll
c:\windows\system32\_005232_.tmp.dll
c:\windows\system32\_005233_.tmp.dll
c:\windows\system32\_005234_.tmp.dll
c:\windows\system32\_005235_.tmp.dll
c:\windows\system32\_005236_.tmp.dll
c:\windows\system32\_005238_.tmp.dll
c:\windows\system32\_005239_.tmp.dll
c:\windows\system32\_005240_.tmp.dll
c:\windows\system32\_005241_.tmp.dll
c:\windows\system32\_005244_.tmp.dll
c:\windows\system32\_005245_.tmp.dll
c:\windows\system32\_005249_.tmp.dll
c:\windows\system32\_005250_.tmp.dll
c:\windows\system32\_005252_.tmp.dll
c:\windows\system32\_005254_.tmp.dll
c:\windows\system32\_005255_.tmp.dll
c:\windows\system32\_005257_.tmp.dll
c:\windows\system32\_005258_.tmp.dll
c:\windows\system32\_005259_.tmp.dll
c:\windows\system32\_005260_.tmp.dll
c:\windows\system32\_005263_.tmp.dll
c:\windows\system32\_005264_.tmp.dll
c:\windows\system32\_005265_.tmp.dll
c:\windows\system32\_005266_.tmp.dll
c:\windows\system32\_005267_.tmp.dll
c:\windows\system32\_005272_.tmp.dll
c:\windows\system32\_005274_.tmp.dll
c:\windows\system32\_005275_.tmp.dll
c:\windows\system32\_007266_.tmp.dll
c:\windows\system32\_007267_.tmp.dll
c:\windows\system32\_007268_.tmp.dll
c:\windows\system32\_007269_.tmp.dll
c:\windows\system32\_007276_.tmp.dll
c:\windows\system32\_007277_.tmp.dll
c:\windows\system32\_007278_.tmp.dll
c:\windows\system32\_007279_.tmp.dll
c:\windows\system32\_007281_.tmp.dll
c:\windows\system32\_007282_.tmp.dll
c:\windows\system32\_007285_.tmp.dll
c:\windows\system32\_007286_.tmp.dll
c:\windows\system32\_007288_.tmp.dll
c:\windows\system32\_007289_.tmp.dll
c:\windows\system32\_007290_.tmp.dll
c:\windows\system32\_007292_.tmp.dll
c:\windows\system32\_007293_.tmp.dll
c:\windows\system32\_007295_.tmp.dll
c:\windows\system32\_007296_.tmp.dll
c:\windows\system32\_007300_.tmp.dll
c:\windows\system32\_007301_.tmp.dll
c:\windows\system32\_007303_.tmp.dll
c:\windows\system32\_007305_.tmp.dll
c:\windows\system32\_007306_.tmp.dll
c:\windows\system32\_007308_.tmp.dll
c:\windows\system32\_007309_.tmp.dll
c:\windows\system32\_007310_.tmp.dll
c:\windows\system32\_007311_.tmp.dll
c:\windows\system32\_007312_.tmp.dll
c:\windows\system32\_007315_.tmp.dll
c:\windows\system32\_007316_.tmp.dll
c:\windows\system32\_007317_.tmp.dll
c:\windows\system32\_007318_.tmp.dll
c:\windows\system32\_007319_.tmp.dll
c:\windows\system32\_007324_.tmp.dll
c:\windows\system32\_007326_.tmp.dll
c:\windows\system32\_007327_.tmp.dll
c:\windows\system32\system
c:\windows\system32\win.ini

.
((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
.

2011-01-11 19:08 . 2010-05-26 16:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-01-07 18:38 . 2011-01-07 20:13 -------- d-----w- c:\program files\trend micro
2011-01-07 18:38 . 2011-01-07 18:39 -------- d-----w- C:\rsit
2011-01-07 16:02 . 2011-01-07 19:08 -------- d-----w- C:\PC Repair
2011-01-06 19:34 . 2011-01-06 19:34 -------- d-----w- c:\program files\WebKut
2011-01-04 19:17 . 2011-01-04 19:17 -------- d-----w- c:\documents and settings\dharris\Application Data\Digiarty
2011-01-04 19:02 . 2010-12-29 17:41 66944 ----a-w- c:\windows\system32\drivers\thdudf.sys
2011-01-04 19:02 . 2011-01-04 19:02 -------- d-----w- c:\program files\Digiarty
2010-12-30 23:41 . 2010-12-30 23:41 -------- d-----w- c:\program files\Panorama Tools
2010-12-30 15:53 . 2010-11-12 22:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-28 16:22 . 2010-12-28 16:22 -------- d-----w- c:\documents and settings\dharris\Local Settings\Application Data\Sunbelt Software
2010-12-27 15:39 . 2010-12-27 15:39 -------- d-sh--w- c:\documents and settings\dharris\IECompatCache
2010-12-24 23:09 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-12-24 23:09 . 2010-11-06 00:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-24 04:46 . 2010-11-06 00:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-24 04:46 . 2010-11-06 00:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-23 16:47 . 2010-12-23 16:47 -------- d-sh--w- c:\documents and settings\dharris\PrivacIE
2010-12-23 16:37 . 2010-12-23 16:37 -------- d-sh--w- c:\documents and settings\dharris\IETldCache
2010-12-23 15:32 . 2010-12-23 15:36 -------- dc-h--w- c:\windows\ie8
2010-12-21 03:59 . 2010-09-23 19:42 95672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-12-17 17:12 . 2010-11-18 18:12 81920 -c----w- c:\windows\system32\dllcache\isign32.dll
2010-12-17 17:12 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-17 17:11 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-16 22:31 . 2010-12-17 16:35 -------- d-----w- c:\documents and settings\dharris\Application Data\Yamb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 16:25 . 2009-10-29 14:11 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-21 00:09 . 2010-07-13 13:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-07-13 13:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-30 22:38 . 2010-11-30 22:37 47624 ----a-w- c:\windows\system32\wuwuninst.exe
2010-11-18 18:12 . 2004-04-16 16:22 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-13 00:53 . 2010-06-29 19:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 00:26 . 2005-06-30 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-04-16 16:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:26 . 2004-04-16 16:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2009-01-29 19:35 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2001-08-23 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2009-01-29 19:35 1853312 ----a-w- c:\windows\system32\win32k.sys
2009-05-15 02:02 . 2009-05-15 02:02 3392872 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-05-15 02:02 . 2009-05-15 02:02 3298152 ----a-w- c:\program files\Common Files\adlmint.dll
2007-01-23 19:07 . 2007-08-16 14:11 1847296 ----a-w- c:\program files\mozilla firefox\plugins\Seadragon.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2007-12-17 13:43 27648 --sha-w- c:\windows\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\dharris\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\dharris\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\dharris\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2005-06-07 1339392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-02 115560]
"dyaaserv.exe"="c:\program files\DYMO DiscPainter\Drivers\dyaaserv.exe" [2007-07-10 349184]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WMC_WMPDBExport"="c:\program files\Windows Media Player\wmdbexport.exe" [2006-10-19 493568]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-19 2247]

c:\documents and settings\dharris\Start Menu\Programs\Startup\
Shortcut to gettelemetry.lnk - c:\documents and settings\dharris\My Documents\KAOR Transmitter\gettelemetry.exe [2011-1-4 1887744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-27 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-06-01 21:44 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=asiwav32.dll
"mixer"=asiwav32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsiAsio Initialization]
2007-07-24 17:05 45056 ----a-w- c:\windows\system32\asiasio.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RssReader]
2004-04-04 23:21 1077248 ----a-w- c:\program files\RssReader\RssReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-12-20 14:41 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-06 03:56 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"YahooAUService"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"CSIScanner"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2/26/2009 1:45 PM 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [4/18/2009 12:53 PM 27656]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 3:03 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 3:03 PM 67656]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [1/11/2011 1:08 PM 18816]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/29/2009 8:11 AM 98392]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [1/4/2011 1:02 PM 66944]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [5/6/2010 9:09 AM 1590216]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [11/1/2007 12:39 PM 237784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/1/2010 1:05 PM 102448]
R3 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [12/20/2005 1:50 PM 72478]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 ASIHPIWN;AudioScience HPI Kernel Driver (WDM);c:\windows\system32\drivers\ASIHPIWN.SYS [8/10/2007 2:36 PM 138880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 DYUSB;DiscPainter Status Monitor Driver;c:\windows\system32\drivers\dyaastat.sys [7/10/2007 5:28 AM 12544]
S2 gupdate1c9c3534408414e;Google Update Service (gupdate1c9c3534408414e);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 8:04 AM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [10/11/2006 3:05 PM 39048]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [3/28/2007 8:22 AM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [3/28/2007 8:23 AM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [3/28/2007 8:23 AM 60816]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4B64.tmp --> c:\windows\system32\4B64.tmp [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 9:25 AM 30969208]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 7:18 PM 23680]
S3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [5/6/2010 9:09 AM 10688]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/24/2009 5:03 AM 7808]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 3:51 PM 12872]
S3 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [1/20/2009 4:38 PM 1373480]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/23/2001 6:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2/26/2009 1:45 PM 4368952]
S4 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [5/1/2007 1:55 PM 143360]
S4 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [6/14/2007 11:03 AM 276096]
S4 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2/28/2007 10:15 AM 19072]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [10/26/2006 1:45 PM 2799808]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/23/2007 8:25 AM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 14:03]

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 14:03]

2011-01-13 c:\windows\Tasks\User_Feed_Synchronization-{42B2D97E-223D-480F-8F2D-E4DC58F19058}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} - hxxp://www.solidworks.com/sw/support/subscription/sldimdownload.cab
DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} - hxxp://192.236.36.147/sav10/sav-inst/departmental/webinst/webinst.cab
FF - ProfilePath - c:\documents and settings\dharris\Application Data\Mozilla\Firefox\Profiles\pj2vw6vc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime Alternative\qttask.exe
AddRemove-PowerPlugs: Headings - c:\documents and settings\dharris\My Documents\My Pictures\PowerPlugs Headings\DeIsL1.isu
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\dharris\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 09:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4B64.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:59,b2,5e,19,8d,7b,7d,f4,fd,78,30,2e,c7,2e,4b,a4,7f,a9,28,9f,c8,
1b,ae,1b,e7,fe,00,ed,91,07,06,ce,30,8b,3b,8a,83,d5,3b,41,07,cf,de,fe,c6,51,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
@DACL=
"CTE_32 Name"="571208:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2454420:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{C5649A0E-720C-57C2-188C-C561713B6FE0}\Version 1.1]
@DACL=
"dat"="806585365:{ED62ADC3-245C-A77F-2443-DDFF9723B14F}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ||A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
"AB141C35E9F4BF344B9FC010BB17F68A"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2454441:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{C147143F-66E6-38EE-A221-A5F03B4DFC28}*\Install*Loc\xga-1\dat]
@DACL=
"default"="516232650:{D15A7A56-49BE-1A3C-8981-1CE95E236E60}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{C5649A0E-720C-57C2-188C-C561713B6FE0}\Version 3.x]
@DACL=
"dat"="1767914624:{DB0E63F2-A815-5D19-5975-088DF0D747D9}"

[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923714357:{6C501404-6E29-9016-FB42-82C01294E813}"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:59,b2,5e,19,8d,7b,7d,f4,fd,78,30,2e,c7,2e,4b,a4,7f,a9,28,9f,c8,
1b,ae,1b,e7,fe,00,ed,91,07,06,ce,30,8b,3b,8a,83,d5,3b,41,07,cf,de,fe,c6,51,\

[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{8BCD5714-906F-1844-BCB7-FB14EA8729B3}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234521313:{51E33CD5-57E5-9C59-C3A2-DAA59F932C21}"

[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="8:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\SYSTEM32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(856)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2011-01-13 09:47:50
ComboFix-quarantined-files.txt 2011-01-13 15:47

Pre-Run: 5,797,212,160 bytes free
Post-Run: 5,764,296,704 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - F7F0E3E58621F9D7AEE633C06B86DFCD

#6 gringo_pr

Posted 13 January 2011 - 11:12 AM

Clear your Java Cache

  • Click on Start -> Control Panel (Classic View) -> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC (Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the mbam icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 dharris

Posted 13 January 2011 - 12:11 PM

Here are my latest logs. Thanks a bunch.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5512

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/13/2011 10:51:31 AM
mbam-log-2011-01-13 (10-51-31).txt

Scan type: Quick scan
Objects scanned: 226745
Time elapsed: 8 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



HJT LOG


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:01:12 AM, on 1/13/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DYMO DiscPainter\Drivers\dyaaserv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dyaaserv.exe] "C:\Program Files\DYMO DiscPainter\Drivers\dyaaserv.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'Default user')
O4 - Startup: Shortcut to gettelemetry.lnk = KAOR Transmitter\gettelemetry.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233183208118
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233183196884
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} (SolidWorks Installation Manager Contol) - http://www.solidworks.com/sw/support/subscription/sldimdownload.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://192.236.36.147/sav10/sav-inst/departmental/webinst/webinst.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4560/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = usd.local
O17 - HKLM\Software\..\Telephony: DomainName = usd.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = usd.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = usd.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9c3534408414e) (gupdate1c9c3534408414e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe

--
End of file - 15495 bytes


Nothing has shown up yet as viruses. We'll keep our fingers crossed.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:35 AM

Posted 13 January 2011 - 02:57 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) to start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [dyaaserv.exe] "C:\Program Files\DYMO DiscPainter\Drivers\dyaaserv.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKUS\S-1-5-18\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'Default user')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 dharris

Posted 13 January 2011 - 03:21 PM

Gringo,

I have a few of those programs that I want to maintain at startup but I know I can delete some of them.

Since running the previous tests, it has surfaced that my MS Office 2010 is no longer activated. I have tried reinstalling it and no go. It seems that the ComboFix log shows an entry for C:\Documents and Settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.vir

Is it possible that it removed my activation token? I have a help desk request in to see if they can help as well.

I will run the other items in the meantime.

#10 gringo_pr

Posted 13 January 2011 - 03:50 PM

Hello

I would like to see a report that ComboFix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\ComboFix-quarantined-files.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
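One way to answer the question raised in post #9, added here as an example (it is not part of the thread and not ComboFix's own code): parse the quarantine listing, map each `.vir` entry back to where the file originally lived, and list the files taken from outside the Windows directory, such as licensing data, for review. The sample lines are constructed in the listing's layout; the function names, the `C:\WINDOWS` default and the "same size and second timestamp" grouping are assumptions of the example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

QUARANTINE_ROOT = PureWindowsPath(r"C:\Qoobox\Quarantine")

# Layout seen in the listing: two timestamps joined by " . ", a size with
# thousands separators, an attribute string, then the quarantine path.
# The thread does not say what the two timestamps mean, so they are kept
# under the neutral names "first" and "second".
LINE_RE = re.compile(
    r"^(?P<first>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. "
    r"(?P<second>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Constructed sample lines (file names and the registry backup are made up).
SAMPLE = r"""
2011-01-13 15:42:56 . 2011-01-13 15:42:56 306 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-Example.reg.dat
2010-06-29 14:49:09 . 2010-06-29 15:57:05 2,505,399 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.vir
2009-01-29 17:06:53 . 2004-08-04 07:56:44 382,464 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000003_.tmp.dll.vir
2009-01-29 14:33:39 . 2004-08-04 07:56:44 382,464 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000002_.tmp.dll.vir
2009-01-28 18:00:21 . 2004-08-04 07:56:44 382,464 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000001_.tmp.dll.vir
2009-01-28 17:59:33 . 2006-08-17 12:28:27 132,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000000_.tmp.dll.vir
this line is not part of the listing
"""


def original_path(quarantine_path):
    """Map Quarantine\\<drive>\\...\\name.vir back to <drive>:\\...\\name.

    Returns None for anything that is not a quarantined file, for example
    registry backups or log files stored directly in the quarantine folder.
    """
    try:
        rel = PureWindowsPath(quarantine_path).relative_to(QUARANTINE_ROOT)
    except ValueError:
        return None
    parts = rel.parts
    if len(parts) < 2 or len(parts[0]) != 1 or not parts[0].isalpha():
        return None
    if not rel.name.lower().endswith(".vir"):
        return None
    restored = PureWindowsPath(parts[0].upper() + ":\\", *parts[1:])
    return str(restored)[:-len(".vir")]


def parse_listing(text):
    """Return one dict per well-formed listing line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        entry = match.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        entry["original"] = original_path(entry["path"])
        entries.append(entry)
    return entries


def review_candidates(entries, system_root=r"C:\WINDOWS"):
    """Original paths of quarantined files that lived outside system_root.

    These are the entries to check by hand before deciding whether a
    quarantined file is application data that should be restored.
    """
    root = PureWindowsPath(system_root)
    found = []
    for entry in entries:
        if entry["original"] is None:
            continue
        if root not in PureWindowsPath(entry["original"]).parents:
            found.append(entry["original"])
    return found


def repeated_files(entries, min_count=2):
    """Count quarantined files sharing size and second timestamp.

    Heuristic (an assumption of this example): identical pairs under
    different names suggest the same file was captured more than once.
    """
    counts = Counter(
        (e["size"], e["second"]) for e in entries if e["original"] is not None
    )
    return {key: n for key, n in counts.items() if n >= min_count}


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    print("review:", review_candidates(parsed))
    print("repeated:", repeated_files(parsed))
```
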

#11 dharris

Posted 13 January 2011 - 03:53 PM

Here is the ComboFix log


2011-01-13 15:43:33 . 2011-01-13 15:43:33 802 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Octoshape add-in for Adobe Flash Player.reg.dat
2011-01-13 15:43:33 . 2011-01-13 15:43:33 0 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-PowerPlugs
2011-01-13 15:43:01 . 2011-01-13 15:43:01 662 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-QuickTime Task.reg.dat
2011-01-13 15:43:00 . 2011-01-13 15:43:00 582 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-Symantec Antvirus.reg.dat
2011-01-13 15:42:56 . 2011-01-13 15:42:56 306 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-NavLogon.reg.dat
2011-01-13 15:42:42 . 2011-01-13 15:42:42 169 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-MacDrive Volume Icons.reg.dat
2011-01-13 15:26:28 . 2011-01-13 15:26:28 8,559 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-01-13 14:59:50 . 2011-01-13 14:59:50 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-06-29 14:49:39 . 2010-07-12 14:50:40 29,120 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat.vir
2010-06-29 14:49:09 . 2010-06-29 15:57:05 2,505,399 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.vir
2008-12-29 08:14:30 . 2004-08-04 07:56:44 236,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_005020_.tmp.dll.vir
2008-12-29 08:14:30 . 2004-08-04 07:56:44 657,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_005018_.tmp.dll.vir
2008-12-29 08:14:30 . 2004-08-04 07:56:44 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_005017_.tmp.dll.vir
2008-12-29 08:14:30 . 2004-08-04 07:56:44 58,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_005016_.tmp.dll.vir
2008-12-29 08:14:30 . 2004-08-04 07:56:44 64,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_005014_.tmp.dll.vir
2008-12-29 08:14:30 . 2004-08-04 07:56:44 415,744 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_005013_.tmp.dll.vir
2008-12-29 08:14:30 . 2007-04-25 14:21:15 144,896 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_005010_.tmp.dll.vir
2008-12-29 08:14:30 . 2004-08-04 07:56:55 108,032 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_005009_.tmp.dll.vir
2008-12-29 08:14:30 . 2004-08-04 05:56:46 983,552 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_005007_.tmp.dll.vir
2008-12-29 08:14:30 . 2004-08-04 07:56:56 50,688 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_005006_.tmp.dll.vir
2008-12-29 08:14:30 . 2004-12-07 19:32:34 96,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_005005_.tmp.dll.vir
2008-12-29 08:14:30 . 2008-09-15 11:57:41 1,846,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004998_.tmp.dll.vir
2008-12-29 08:14:30 . 2004-08-04 07:56:46 101,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004997_.tmp.dll.vir
2008-12-29 08:14:30 . 2004-08-04 07:56:57 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004996_.tmp.dll.vir
2008-12-29 08:14:30 . 2006-08-17 12:28:27 132,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004995_.tmp.dll.vir
2008-12-29 08:14:25 . 1999-12-20 19:16:40 15,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004422_.tmp.dll.vir
2008-06-09 07:27:18 . 2004-08-04 07:56:44 382,464 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004978_.tmp.dll.vir
2008-06-09 07:27:16 . 2004-08-04 07:56:36 2,897,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004977_.tmp.dll.vir
2008-06-09 07:24:08 . 2004-08-04 07:56:41 616,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004975_.tmp.dll.vir
2008-06-09 07:24:07 . 2006-08-25 15:45:58 617,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004970_.tmp.dll.vir
2008-06-09 07:24:07 . 2004-08-04 07:56:41 276,992 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004969_.tmp.dll.vir
2008-06-09 07:24:07 . 2004-08-04 07:56:41 32,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004968_.tmp.dll.vir
2008-06-09 07:24:07 . 2004-08-04 07:56:57 135,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004967_.tmp.dll.vir
2008-06-09 07:24:07 . 2006-05-19 12:59:41 111,616 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004966_.tmp.dll.vir
2008-06-09 07:24:07 . 2004-08-04 07:56:42 144,384 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004963_.tmp.dll.vir
2008-06-09 07:24:07 . 2007-04-16 15:52:53 984,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004962_.tmp.dll.vir
2008-06-09 07:24:07 . 2004-08-04 07:56:42 13,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004961_.tmp.dll.vir
2008-06-09 07:24:07 . 2004-08-04 07:56:42 341,504 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004960_.tmp.dll.vir
2008-06-09 07:24:06 . 2007-11-07 09:26:56 721,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004958_.tmp.dll.vir
2008-06-09 07:24:06 . 2004-08-04 07:56:42 14,848 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004957_.tmp.dll.vir
2008-06-09 07:24:06 . 2004-08-04 07:56:43 129,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004955_.tmp.dll.vir
2008-06-09 07:24:06 . 2004-08-04 07:56:36 708,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004953_.tmp.dll.vir
2008-06-09 07:24:06 . 2004-08-04 07:56:44 8,192 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004952_.tmp.dll.vir
2008-06-09 07:24:06 . 2007-12-04 18:38:13 550,912 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004948_.tmp.dll.vir
2008-06-09 07:24:06 . 2005-07-26 04:39:49 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004947_.tmp.dll.vir
2008-06-09 07:24:06 . 2004-08-04 07:56:44 560,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004945_.tmp.dll.vir
2008-06-09 07:24:06 . 2004-08-04 07:56:44 236,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004942_.tmp.dll.vir
2008-06-09 07:24:05 . 2004-08-04 07:56:44 657,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004939_.tmp.dll.vir
2008-06-09 07:24:05 . 2004-08-04 07:56:44 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004938_.tmp.dll.vir
2008-06-09 07:24:05 . 2004-08-04 07:56:44 58,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004937_.tmp.dll.vir
2008-06-09 07:24:04 . 2004-08-04 07:56:44 64,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004930_.tmp.dll.vir
2008-06-09 07:24:04 . 2004-08-04 07:56:44 415,744 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004925_.tmp.dll.vir
2008-06-09 07:24:04 . 2007-04-25 14:21:15 144,896 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004917_.tmp.dll.vir
2008-06-09 07:24:04 . 2004-08-04 07:56:55 108,032 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004916_.tmp.dll.vir
2008-06-09 07:24:03 . 2004-08-04 05:56:46 983,552 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004912_.tmp.dll.vir
2008-06-09 07:24:03 . 2004-08-04 07:56:56 50,688 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004911_.tmp.dll.vir
2008-06-09 07:24:03 . 2004-12-07 19:32:34 96,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004907_.tmp.dll.vir
2008-06-09 07:24:00 . 2008-09-15 11:57:41 1,846,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004851_.tmp.dll.vir
2008-06-09 07:24:00 . 2004-08-04 07:56:46 101,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004846_.tmp.dll.vir
2008-06-09 07:24:00 . 2004-08-04 07:56:57 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004833_.tmp.dll.vir
2008-06-09 07:24:00 . 2006-08-17 12:28:27 132,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004821_.tmp.dll.vir
2008-06-08 07:15:57 . 2004-08-04 07:56:44 382,464 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004944_.tmp.dll.vir
2008-06-08 07:15:56 . 2004-08-04 07:56:36 2,897,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004943_.tmp.dll.vir
2008-06-08 07:13:55 . 2004-08-04 07:56:41 616,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004941_.tmp.dll.vir
2008-06-08 07:13:54 . 2006-08-25 15:45:58 617,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004936_.tmp.dll.vir
2008-06-08 07:13:54 . 2004-08-04 07:56:41 276,992 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004935_.tmp.dll.vir
2008-06-08 07:13:54 . 2004-08-04 07:56:41 32,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004934_.tmp.dll.vir
2008-06-08 07:13:54 . 2004-08-04 07:56:57 135,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004933_.tmp.dll.vir
2008-06-08 07:13:54 . 2006-05-19 12:59:41 111,616 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004932_.tmp.dll.vir
2008-06-08 07:13:54 . 2004-08-04 07:56:42 144,384 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004929_.tmp.dll.vir
2008-06-08 07:13:54 . 2007-04-16 15:52:53 984,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004928_.tmp.dll.vir
2008-06-08 07:13:54 . 2004-08-04 07:56:42 13,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004927_.tmp.dll.vir
2008-06-08 07:13:54 . 2004-08-04 07:56:42 341,504 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004926_.tmp.dll.vir
2008-06-08 07:13:54 . 2007-11-07 09:26:56 721,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004924_.tmp.dll.vir
2008-06-08 07:13:54 . 2004-08-04 07:56:42 14,848 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004923_.tmp.dll.vir
2008-06-08 07:13:54 . 2004-08-04 07:56:43 129,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004921_.tmp.dll.vir
2008-06-08 07:13:54 . 2004-08-04 07:56:36 708,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004919_.tmp.dll.vir
2008-06-08 07:13:54 . 2004-08-04 07:56:44 8,192 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004918_.tmp.dll.vir
2008-06-08 07:13:53 . 2007-12-04 18:38:13 550,912 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004914_.tmp.dll.vir
2008-06-08 07:13:53 . 2005-07-26 04:39:49 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004913_.tmp.dll.vir
2008-06-08 07:13:53 . 2004-08-04 07:56:44 236,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004910_.tmp.dll.vir
2008-06-08 07:13:53 . 2004-08-04 07:56:44 657,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004905_.tmp.dll.vir
2008-06-08 07:13:53 . 2004-08-04 07:56:44 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004904_.tmp.dll.vir
2008-06-08 07:13:53 . 2004-08-04 07:56:44 58,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004903_.tmp.dll.vir
2008-06-08 07:13:53 . 2004-08-04 07:56:44 64,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004896_.tmp.dll.vir
2008-06-08 07:13:52 . 2004-08-04 07:56:44 415,744 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004895_.tmp.dll.vir
2008-06-08 07:13:52 . 2007-04-25 14:21:15 144,896 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004885_.tmp.dll.vir
2008-06-08 07:13:52 . 2004-08-04 07:56:55 108,032 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004882_.tmp.dll.vir
2008-06-08 07:13:51 . 2004-08-04 05:56:46 983,552 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004880_.tmp.dll.vir
2008-06-08 07:13:51 . 2004-08-04 07:56:56 50,688 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004877_.tmp.dll.vir
2008-06-08 07:13:51 . 2004-12-07 19:32:34 96,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004871_.tmp.dll.vir
2008-06-08 07:13:50 . 2008-03-19 09:47:00 1,845,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004818_.tmp.dll.vir
2008-06-08 07:13:50 . 2004-08-04 07:56:46 101,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004812_.tmp.dll.vir
2008-06-08 07:13:49 . 2004-08-04 07:56:57 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004793_.tmp.dll.vir
2008-06-08 07:13:49 . 2006-08-17 12:28:27 132,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004784_.tmp.dll.vir
2008-06-05 07:12:16 . 2004-08-04 07:56:44 382,464 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004909_.tmp.dll.vir
2008-06-05 07:12:16 . 2004-08-04 07:56:36 2,897,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004908_.tmp.dll.vir
2008-06-05 07:10:44 . 2004-08-04 07:56:41 616,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004906_.tmp.dll.vir
2008-06-05 07:10:43 . 2006-08-25 15:45:58 617,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004901_.tmp.dll.vir
2008-06-05 07:10:43 . 2004-08-04 07:56:41 276,992 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004900_.tmp.dll.vir
2008-06-05 07:10:43 . 2004-08-04 07:56:41 32,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004899_.tmp.dll.vir
2008-06-05 07:10:43 . 2004-08-04 07:56:57 135,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004898_.tmp.dll.vir
2008-06-05 07:10:43 . 2006-05-19 12:59:41 111,616 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004897_.tmp.dll.vir
2008-06-05 07:10:43 . 2004-08-04 07:56:42 144,384 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004894_.tmp.dll.vir
2008-06-05 07:10:43 . 2007-04-16 15:52:53 984,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004893_.tmp.dll.vir
2008-06-05 07:10:43 . 2004-08-04 07:56:42 13,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004892_.tmp.dll.vir
2008-06-05 07:10:43 . 2004-08-04 07:56:42 341,504 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004891_.tmp.dll.vir
2008-06-05 07:10:43 . 2007-11-07 09:26:56 721,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004889_.tmp.dll.vir
2008-06-05 07:10:43 . 2004-08-04 07:56:42 14,848 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004888_.tmp.dll.vir
2008-06-05 07:10:43 . 2004-08-04 07:56:43 129,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004886_.tmp.dll.vir
2008-06-05 07:10:43 . 2004-08-04 07:56:36 708,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004884_.tmp.dll.vir
2008-06-05 07:10:43 . 2004-08-04 07:56:44 8,192 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004883_.tmp.dll.vir
2008-06-05 07:10:43 . 2007-12-04 18:38:13 550,912 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004879_.tmp.dll.vir
2008-06-05 07:10:43 . 2005-07-26 04:39:49 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004878_.tmp.dll.vir
2008-06-05 07:10:43 . 2004-08-04 07:56:44 560,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004876_.tmp.dll.vir
2008-06-05 07:10:43 . 2004-08-04 07:56:44 236,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004873_.tmp.dll.vir
2008-06-05 07:10:43 . 2004-08-04 07:56:44 657,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004870_.tmp.dll.vir
2008-06-05 07:10:43 . 2004-08-04 07:56:44 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004869_.tmp.dll.vir
2008-06-05 07:10:43 . 2004-08-04 07:56:44 58,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004868_.tmp.dll.vir
2008-06-05 07:10:42 . 2004-08-04 07:56:44 64,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004861_.tmp.dll.vir
2008-06-05 07:10:42 . 2004-08-04 07:56:44 415,744 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004856_.tmp.dll.vir
2008-06-05 07:10:42 . 2007-04-25 14:21:15 144,896 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004848_.tmp.dll.vir
2008-06-05 07:10:42 . 2004-08-04 07:56:55 108,032 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004847_.tmp.dll.vir
2008-06-05 07:10:42 . 2004-08-04 05:56:46 983,552 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004843_.tmp.dll.vir
2008-06-05 07:10:42 . 2004-08-04 07:56:56 50,688 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004842_.tmp.dll.vir
2008-06-05 07:10:42 . 2004-12-07 19:32:34 96,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004838_.tmp.dll.vir
2008-06-05 07:10:42 . 2008-03-19 09:47:00 1,845,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004782_.tmp.dll.vir
2008-06-05 07:10:42 . 2004-08-04 07:56:46 101,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004777_.tmp.dll.vir
2008-06-05 07:10:42 . 2004-08-04 07:56:57 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004753_.tmp.dll.vir
2008-06-05 07:10:42 . 2006-08-17 12:28:27 132,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004748_.tmp.dll.vir
2008-06-04 07:30:53 . 2004-08-04 07:56:44 382,464 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004875_.tmp.dll.vir
2008-06-04 07:30:52 . 2004-08-04 07:56:36 2,897,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004874_.tmp.dll.vir
2008-06-04 07:27:15 . 2004-08-04 07:56:41 616,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004872_.tmp.dll.vir
2008-06-04 07:27:15 . 2006-08-25 15:45:58 617,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004867_.tmp.dll.vir
2008-06-04 07:27:15 . 2004-08-04 07:56:41 276,992 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004866_.tmp.dll.vir
2008-06-04 07:27:15 . 2004-08-04 07:56:41 32,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004865_.tmp.dll.vir
2008-06-04 07:27:15 . 2004-08-04 07:56:57 135,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004864_.tmp.dll.vir
2008-06-04 07:27:15 . 2006-05-19 12:59:41 111,616 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004863_.tmp.dll.vir
2008-06-04 07:27:14 . 2004-08-04 07:56:42 144,384 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004860_.tmp.dll.vir
2008-06-04 07:27:14 . 2007-04-16 15:52:53 984,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004859_.tmp.dll.vir
2008-06-04 07:27:14 . 2004-08-04 07:56:42 13,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004858_.tmp.dll.vir
2008-06-04 07:27:14 . 2004-08-04 07:56:42 341,504 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004857_.tmp.dll.vir
2008-06-04 07:27:14 . 2007-11-07 09:26:56 721,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004855_.tmp.dll.vir
2008-06-04 07:27:14 . 2004-08-04 07:56:42 14,848 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004854_.tmp.dll.vir
2008-06-04 07:27:14 . 2004-08-04 07:56:43 129,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004852_.tmp.dll.vir
2008-06-04 07:27:14 . 2004-08-04 07:56:36 708,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004850_.tmp.dll.vir
2008-06-04 07:27:14 . 2004-08-04 07:56:44 8,192 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004849_.tmp.dll.vir
2008-06-04 07:27:13 . 2007-12-04 18:38:13 550,912 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004845_.tmp.dll.vir
2008-06-04 07:27:13 . 2005-07-26 04:39:49 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004844_.tmp.dll.vir
2008-06-04 07:27:13 . 2004-08-04 07:56:44 236,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004841_.tmp.dll.vir
2008-06-04 07:27:12 . 2004-08-04 07:56:44 657,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004836_.tmp.dll.vir
2008-06-04 07:27:12 . 2004-08-04 07:56:44 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004835_.tmp.dll.vir
2008-06-04 07:27:12 . 2004-08-04 07:56:44 58,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004834_.tmp.dll.vir
2008-06-04 07:27:12 . 2004-08-04 07:56:44 64,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004827_.tmp.dll.vir
2008-06-04 07:27:12 . 2004-08-04 07:56:44 415,744 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004826_.tmp.dll.vir
2008-06-04 07:27:11 . 2007-04-25 14:21:15 144,896 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004816_.tmp.dll.vir
2008-06-04 07:27:11 . 2004-08-04 07:56:55 108,032 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004813_.tmp.dll.vir
2008-06-04 07:27:10 . 2004-08-04 05:56:46 983,552 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004811_.tmp.dll.vir
2008-06-04 07:27:10 . 2004-08-04 07:56:56 50,688 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004808_.tmp.dll.vir
2008-06-04 07:27:10 . 2004-12-07 19:32:34 96,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004802_.tmp.dll.vir
2008-06-04 07:27:08 . 2008-03-19 09:47:00 1,845,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004747_.tmp.dll.vir
2008-06-04 07:27:08 . 2004-08-04 07:56:46 101,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004739_.tmp.dll.vir
2008-06-04 07:27:08 . 2004-08-04 07:56:57 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004722_.tmp.dll.vir
2008-06-04 07:27:07 . 2006-08-17 12:28:27 132,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004717_.tmp.dll.vir
2008-06-03 07:32:41 . 2004-08-04 07:56:44 382,464 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004840_.tmp.dll.vir
2008-06-03 07:32:40 . 2004-08-04 07:56:36 2,897,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004839_.tmp.dll.vir
2008-06-03 07:29:04 . 2004-08-04 07:56:41 616,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004837_.tmp.dll.vir
2008-06-03 07:29:04 . 2006-08-25 15:45:58 617,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004832_.tmp.dll.vir
2008-06-03 07:29:03 . 2004-08-04 07:56:41 276,992 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004831_.tmp.dll.vir
2008-06-03 07:29:03 . 2004-08-04 07:56:41 32,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004830_.tmp.dll.vir
2008-06-03 07:29:03 . 2004-08-04 07:56:57 135,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004829_.tmp.dll.vir
2008-06-03 07:29:03 . 2006-05-19 12:59:41 111,616 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004828_.tmp.dll.vir
2008-06-03 07:29:03 . 2004-08-04 07:56:42 144,384 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004825_.tmp.dll.vir
2008-06-03 07:29:03 . 2007-04-16 15:52:53 984,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004824_.tmp.dll.vir
2008-06-03 07:29:03 . 2004-08-04 07:56:42 13,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004823_.tmp.dll.vir
2008-06-03 07:29:03 . 2004-08-04 07:56:42 341,504 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004822_.tmp.dll.vir
2008-06-03 07:29:03 . 2007-11-07 09:26:56 721,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004820_.tmp.dll.vir
2008-06-03 07:29:03 . 2004-08-04 07:56:42 14,848 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004819_.tmp.dll.vir
2008-06-03 07:29:03 . 2004-08-04 07:56:43 129,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004817_.tmp.dll.vir
2008-06-03 07:29:02 . 2004-08-04 07:56:36 708,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004815_.tmp.dll.vir
2008-06-03 07:29:02 . 2004-08-04 07:56:44 8,192 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004814_.tmp.dll.vir
2008-06-03 07:29:01 . 2007-12-04 18:38:13 550,912 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004810_.tmp.dll.vir
2008-06-03 07:29:01 . 2005-07-26 04:39:49 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004809_.tmp.dll.vir
2008-06-03 07:29:01 . 2004-08-04 07:56:44 560,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004807_.tmp.dll.vir
2008-06-03 07:29:01 . 2004-08-04 07:56:44 236,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004804_.tmp.dll.vir
2008-06-03 07:29:00 . 2004-08-04 07:56:44 657,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004801_.tmp.dll.vir
2008-06-03 07:29:00 . 2004-08-04 07:56:44 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004800_.tmp.dll.vir
2008-06-03 07:29:00 . 2004-08-04 07:56:44 58,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004799_.tmp.dll.vir
2008-06-03 07:29:00 . 2004-08-04 07:56:44 64,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004792_.tmp.dll.vir
2008-06-03 07:29:00 . 2004-08-04 07:56:44 415,744 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004787_.tmp.dll.vir
2008-06-03 07:28:59 . 2007-04-25 14:21:15 144,896 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004779_.tmp.dll.vir
2008-06-03 07:28:59 . 2004-08-04 07:56:55 108,032 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004778_.tmp.dll.vir
2008-06-03 07:28:58 . 2004-08-04 05:56:46 983,552 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004771_.tmp.dll.vir
2008-06-03 07:28:58 . 2004-08-04 07:56:56 50,688 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004770_.tmp.dll.vir
2008-06-03 07:28:58 . 2004-12-07 19:32:34 96,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004768_.tmp.dll.vir
2008-06-03 07:28:56 . 2008-03-19 09:47:00 1,845,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004716_.tmp.dll.vir
2008-06-03 07:28:56 . 2004-08-04 07:56:46 101,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004708_.tmp.dll.vir
2008-06-03 07:28:55 . 2004-08-04 07:56:57 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004691_.tmp.dll.vir
2008-06-03 07:28:55 . 2006-08-17 12:28:27 132,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004686_.tmp.dll.vir
2008-06-02 02:54:19 . 2004-08-04 07:56:44 382,464 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004806_.tmp.dll.vir
2008-06-02 02:54:18 . 2004-08-04 07:56:36 2,897,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004805_.tmp.dll.vir
2008-06-02 02:53:35 . 2004-08-04 07:56:41 616,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004803_.tmp.dll.vir
2008-06-02 02:53:35 . 2006-08-25 15:45:58 617,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004798_.tmp.dll.vir
2008-06-02 02:53:35 . 2004-08-04 07:56:41 276,992 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004797_.tmp.dll.vir
2008-06-02 02:53:35 . 2004-08-04 07:56:41 32,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004796_.tmp.dll.vir
2008-06-02 02:53:35 . 2004-08-04 07:56:57 135,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004795_.tmp.dll.vir
2008-06-02 02:53:35 . 2006-05-19 12:59:41 111,616 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004794_.tmp.dll.vir
2008-06-02 02:53:35 . 2004-08-04 07:56:42 144,384 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004791_.tmp.dll.vir
2008-06-02 02:53:35 . 2007-04-16 15:52:53 984,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004790_.tmp.dll.vir
2008-06-02 02:53:35 . 2004-08-04 07:56:42 13,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004789_.tmp.dll.vir
2008-06-02 02:53:35 . 2004-08-04 07:56:42 341,504 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004788_.tmp.dll.vir
2008-06-02 02:53:35 . 2007-11-07 09:26:56 721,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004786_.tmp.dll.vir
2008-06-02 02:53:35 . 2004-08-04 07:56:42 14,848 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004785_.tmp.dll.vir
2008-06-02 02:53:35 . 2004-08-04 07:56:43 129,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004783_.tmp.dll.vir
2008-06-02 02:53:34 . 2004-08-04 07:56:36 708,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004781_.tmp.dll.vir
2008-06-02 02:53:34 . 2004-08-04 07:56:44 8,192 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004780_.tmp.dll.vir
2008-06-02 02:53:34 . 2007-12-04 18:38:13 550,912 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004776_.tmp.dll.vir
2008-06-02 02:53:34 . 2005-07-26 04:39:49 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004773_.tmp.dll.vir
2008-06-02 02:53:34 . 2004-08-04 07:56:44 236,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004769_.tmp.dll.vir
2008-06-02 02:53:34 . 2004-08-04 07:56:44 657,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004762_.tmp.dll.vir
2008-06-02 02:53:34 . 2004-08-04 07:56:44 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004761_.tmp.dll.vir
2008-06-02 02:53:34 . 2004-08-04 07:56:44 58,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004756_.tmp.dll.vir
2008-06-02 02:53:34 . 2004-08-04 07:56:44 64,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004751_.tmp.dll.vir
2008-06-02 02:53:34 . 2004-08-04 07:56:44 415,744 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004749_.tmp.dll.vir
2008-06-02 02:53:34 . 2007-04-25 14:21:15 144,896 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004746_.tmp.dll.vir
2008-06-02 02:53:34 . 2004-08-04 07:56:55 108,032 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004740_.tmp.dll.vir
2008-06-02 02:53:34 . 2004-08-04 05:56:46 983,552 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004737_.tmp.dll.vir
2008-06-02 02:53:34 . 2004-08-04 07:56:56 50,688 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004731_.tmp.dll.vir
2008-06-02 02:53:34 . 2004-12-07 19:32:34 96,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004725_.tmp.dll.vir
2008-06-02 02:53:34 . 2008-03-19 09:47:00 1,845,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004685_.tmp.dll.vir
2008-06-02 02:53:34 . 2004-08-04 07:56:46 101,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004680_.tmp.dll.vir
2008-06-02 02:53:34 . 2004-08-04 07:56:57 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004666_.tmp.dll.vir
2008-06-02 02:53:34 . 2006-08-17 12:28:27 132,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004657_.tmp.dll.vir
2008-06-01 07:24:51 . 2004-08-04 07:56:44 382,464 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004775_.tmp.dll.vir
2008-06-01 07:24:50 . 2004-08-04 07:56:36 2,897,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004774_.tmp.dll.vir
2008-06-01 07:22:49 . 2004-08-04 07:56:41 616,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004772_.tmp.dll.vir
2008-06-01 07:22:49 . 2006-08-25 15:45:58 617,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004767_.tmp.dll.vir
2008-06-01 07:22:49 . 2004-08-04 07:56:41 276,992 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004766_.tmp.dll.vir
2008-06-01 07:22:49 . 2004-08-04 07:56:41 32,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004765_.tmp.dll.vir
2008-06-01 07:22:49 . 2004-08-04 07:56:57 135,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004764_.tmp.dll.vir
2008-06-01 07:22:49 . 2006-05-19 12:59:41 111,616 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004763_.tmp.dll.vir
2008-06-01 07:22:49 . 2004-08-04 07:56:42 144,384 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004760_.tmp.dll.vir
2008-06-01 07:22:49 . 2007-04-16 15:52:53 984,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004759_.tmp.dll.vir
2008-06-01 07:22:49 . 2004-08-04 07:56:42 13,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_004758_.tmp.dll.vir
2008-05-23 14:57:57 . 2008-04-14 00:12:22 93,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET3236.tmp.vir
2008-05-23 14:57:57 . 2008-04-14 00:12:22 93,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET5E8.tmp.vir
2008-05-23 14:57:57 . 2008-04-14 00:12:22 93,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET781.tmp.vir
2008-05-23 14:57:57 . 2008-04-14 00:12:22 93,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SETCA0.tmp.vir
2008-03-12 13:37:15 . 2008-03-12 13:37:15 20 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SYSTEM.vir
2008-01-16 17:24:56 . 2008-01-16 17:24:58 87,608 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\dharris\Application Data\inst.exe.vir
2007-12-06 17:58:18 . 2007-12-06 17:58:18 1,069,920 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir
2007-12-06 01:31:56 . 2007-12-06 01:31:56 3,003 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Search Settings\kb125\res\ErrorPageTemplate.css.vir
2007-12-06 01:31:56 . 2007-12-06 01:31:56 43 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Search Settings\kb125\res\pixel.gif.vir
2007-12-06 01:31:56 . 2007-12-06 01:31:56 4,539 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Search Settings\kb125\res\tabwelcome_en.html.vir
2007-12-06 01:31:56 . 2007-12-06 01:31:56 111,947 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Search Settings\kb125\res\vista_directions.png.vir
2007-12-06 01:31:56 . 2007-12-06 01:31:56 108,446 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Search Settings\kb125\res\xp_directions.png.vir
2007-12-05 00:12:30 . 2007-12-05 00:12:30 1,036 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Search Settings\kb125\res\help.gif.vir
2007-12-05 00:12:30 . 2007-12-05 00:12:30 2,970 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Search Settings\kb125\res\tabdata.js.vir
2007-12-05 00:12:30 . 2007-12-05 00:12:30 2,854 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Search Settings\kb125\res\tablib.js.vir
2007-12-05 00:12:30 . 2007-12-05 00:12:30 4,540 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Search Settings\kb125\res\tab_icon.png.vir
2007-12-05 00:12:30 . 2007-12-05 00:12:30 324 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Search Settings\kb125\res\toolbar_background.gif.vir
2007-12-05 00:12:30 . 2007-12-05 00:12:30 1,022 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Search Settings\kb125\res\yahoo_search.gif.vir
2007-01-11 22:00:02 . 2007-01-11 22:08:42 0 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\WIN.INI.vir
2006-07-27 22:18:52 . 2006-07-27 22:18:52 300 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\ads.js.vir
2006-04-20 20:09:39 . 2009-08-11 14:44:11 66,848 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\dharris\filter.exe.vir
2005-04-28 18:54:57 . 2004-08-04 07:56:36 2,897,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007326_.tmp.dll.vir
2004-04-16 16:50:57 . 2004-08-04 07:56:44 382,464 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007327_.tmp.dll.vir
2001-08-23 12:00:00 . 2006-08-17 12:28:27 132,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007266_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:57 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007267_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:46 101,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007268_.tmp.dll.vir
2001-08-23 12:00:00 . 2008-03-19 09:47:00 1,845,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007269_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-12-07 19:32:34 96,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007276_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-07-17 18:48:43 22,040 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007277_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:56 50,688 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007278_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 05:56:46 983,552 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007279_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:55 108,032 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007281_.tmp.dll.vir
2001-08-23 12:00:00 . 2007-04-25 14:21:15 144,896 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007282_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:44 415,744 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007285_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:44 64,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007286_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:44 58,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007288_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:44 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007289_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:44 657,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007290_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:44 236,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007292_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:44 560,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007293_.tmp.dll.vir
2001-08-23 12:00:00 . 2005-07-26 04:39:49 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007295_.tmp.dll.vir
2001-08-23 12:00:00 . 2007-12-04 18:38:13 550,912 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007296_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:44 8,192 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007300_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:36 708,096 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007301_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:43 129,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007303_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:42 14,848 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007305_.tmp.dll.vir
2001-08-23 12:00:00 . 2007-11-07 09:26:56 721,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007306_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:42 341,504 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007308_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-07-17 18:48:42 249,270 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007309_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:42 13,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007310_.tmp.dll.vir
2001-08-23 12:00:00 . 2007-04-16 15:52:53 984,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007311_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:42 144,384 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007312_.tmp.dll.vir
2001-08-23 12:00:00 . 2006-05-19 12:59:41 111,616 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007315_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:57 135,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007316_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:41 32,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007317_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:41 276,992 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007318_.tmp.dll.vir
2001-08-23 12:00:00 . 2006-08-25 15:45:58 617,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007319_.tmp.dll.vir
2001-08-23 12:00:00 . 2004-08-04 07:56:41 616,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_007324_.tmp.dll.vir
2000-12-11 23:40:44 . 2000-12-11 23:40:44 164,216 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\WebInst.Dll.vir

#12 gringo_pr

Posted 13 January 2011 - 04:04 PM

I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

DeQuarantine::
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.vir

Quit::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Now keep with the instructions from post #8.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

Edited by gringo_pr, 13 January 2011 - 04:05 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 dharris

Posted 13 January 2011 - 05:05 PM

Gringo,

I ran the CFScript.txt and it appeared to complete okay. Unfortunately, I didn't save the log and I can't see it in the Qoobox folder. MS Office is still not activated though. The Token file appears to be the older original file now. I had stopped the ESET online scan to run ComboFix. It was approx. 35% complete and had not found anything yet. I will probably run it when I leave for the night so it can run through.

#14 gringo_pr

Posted 13 January 2011 - 07:24 PM

:thumbup2:

#15 gringo_pr

Posted 15 January 2011 - 11:17 PM

Hello

three day bump

It has been three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo