virus stopping skype and hijacking google


  • This topic is locked
50 replies to this topic

#1 galaxyhappyman

galaxyhappyman

  • Members
  • 26 posts
  • OFFLINE
  • Local time:08:05 AM

Posted 27 May 2011 - 09:44 AM

Hi Everyone,

I seem to be having lots of issues on my PC with windows 7 Professional.
I did have the "windows 7 recovery" virus, so I used Malwarebytes to get rid of it, which I thought worked really well until I tried to use google. I ended up with hijacked links; to start with it was to britcouncil.org and then to ruba.tv?
Then I noticed that my skype had been deleted so I reinstalled it and now it starts up and then stops working and closes itself almost instantly.

Malwarebytes says my pc is fine. AVG says I am fine, yet this is still happening??
any ideas??






ComboFix 11-05-26.04 - PC4 27/05/2011 15:17:14.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3548.2490 [GMT 1:00]
Running from: c:\users\PC4\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PC4\Desktop\Internet Explorer.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 )))))))))))))))))))))))))))))))
.
.
2011-05-27 14:22 . 2011-05-27 14:25 -------- d-----w- c:\users\PC4\AppData\Local\temp
2011-05-27 14:22 . 2011-05-27 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-27 12:55 . 2011-05-27 12:55 -------- d-----w- c:\users\PC4\AppData\Roaming\AVG10
2011-05-27 12:54 . 2011-05-27 12:54 -------- d--h--w- c:\programdata\Common Files
2011-05-27 12:53 . 2011-05-27 14:04 -------- d-----w- c:\programdata\AVG10
2011-05-27 12:52 . 2011-05-27 12:52 -------- d-----w- c:\program files\AVG
2011-05-27 12:46 . 2011-05-27 14:03 -------- d-----w- c:\programdata\MFAData
2011-05-27 12:21 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C66EF1B0-5411-4D3F-9DBB-9F0FC9160289}\mpengine.dll
2011-05-27 07:27 . 2011-05-27 07:27 -------- d-----w- c:\users\PC4\AppData\Roaming\Malwarebytes
2011-05-27 07:27 . 2011-05-27 07:27 -------- d-----w- c:\programdata\Malwarebytes
2011-05-27 07:27 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-27 07:27 . 2011-05-27 07:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-25 07:14 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 13:26 . 2011-05-24 13:26 -------- d-----w- c:\users\PC4\AppData\Roaming\coupons
2011-05-19 07:14 . 2011-05-27 07:54 -------- d-----w- c:\programdata\Skype Extras
2011-05-19 07:13 . 2011-05-19 07:13 -------- d-----w- c:\program files\Common Files\Skype
2011-05-18 07:26 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-12 07:20 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-12 07:20 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-09 12:57 . 2011-05-09 12:57 -------- d-----w- c:\program files\MSECache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-27 14:24 . 2011-01-19 14:02 0 ----a-w- c:\users\PC4\AppData\Local\WavXMapDrive.bat
2011-04-18 14:21 . 2011-04-18 14:21 1409 ----a-w- c:\windows\Fonts\LetGothL_PD.fot
2011-03-21 08:42 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-11 05:40 . 2011-04-18 07:37 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-18 07:37 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:38 . 2011-04-18 07:37 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-18 07:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-18 07:38 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-18 07:37 2331136 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 11:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 11:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seagull Drivers"="ssdal_nc.exe startup" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2009-04-27 434856]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2009-04-27 25256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\PC4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 136176]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-20 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-06 224424]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 09:59]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 09:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.mg.mail.yahoo.com/neo/launch?.partner=bt-1
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: Interfaces\{E6BE2BDA-3F76-467B-B431-BFACBF223D55}: NameServer = 192.168.1.254
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.1.199/DvrOcx.cab
DPF: {E87A4CD6-BA5F-4552-BC4F-8EC240A2755C} - hxxp://217.41.47.189/webrec.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(452)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Google\Google Toolbar\GoogleToolbarUser_32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2011-05-27 15:28:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-27 14:28
.
Pre-Run: 459,570,032,640 bytes free
Post-Run: 459,387,969,536 bytes free
.
- - End Of File - - 006C569E7F81167AE51EF6280F0082CE

Edited by hamluis, 27 May 2011 - 10:46 AM.
Moved from Win 7 to Malware Removal Logs.
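As an added example that is not part of this thread and not code from ComboFix or DDS: a small Python triage helper that reads the policy and DPF lines in the format the logs above use. It flags the UAC settings (in the posted ComboFix log, EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, which means User Account Control is switched off entirely, so nothing prompts before a program elevates) and lists Download Program Files (DPF) entries whose host is a bare IP address, since those are the ones a helper usually wants to check by hand. The sample log text is constructed from lines copied out of the posts; the function names are my own, and the "hxxp" prefix is the defanged "http" these tools write.

```python
"""Triage helper for policy and DPF lines in ComboFix / DDS style logs (added example)."""
import ipaddress
import re
from typing import Dict, List

# Constructed sample: these lines mirror the ComboFix and DDS log formats
# seen in this thread (values copied from the posted logs).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
mPolicies-system: EnableLUA = 0 (0x0)
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.1.199/DvrOcx.cab
DPF: {E87A4CD6-BA5F-4552-BC4F-8EC240A2755C} - hxxp://217.41.47.189/webrec.cab
"""

# ComboFix writes policy values as  "Name"= 0 (0x0)  inside a [HKLM\...\policies\system] block;
# DDS writes the same values as  mPolicies-system: Name = 0 (0x0).
_COMBOFIX_POLICY = re.compile(r'^"(\w+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)')
_DDS_POLICY = re.compile(r'^mPolicies-system:\s*(\w+)\s*=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)')
# DPF lines: "DPF: <name or CLSID> - <defanged url>"
_DPF = re.compile(r'^DPF:\s*(.+?)\s+-\s+((?:hxxp|http)s?://\S+)')
_HOST = re.compile(r'(?:hxxp|http)s?://([^/]+)')


def parse_policies(log_text: str) -> Dict[str, int]:
    """Collect UAC policy values from both log formats into one dict."""
    policies: Dict[str, int] = {}
    in_policy_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('['):  # ComboFix registry block header
            in_policy_block = line.lower().endswith(r'policies\system]')
            continue
        if line == '.':  # ComboFix section separator ends the block
            in_policy_block = False
            continue
        m = _DDS_POLICY.match(line)
        if m is None and in_policy_block:
            m = _COMBOFIX_POLICY.match(line)
        if m:
            policies[m.group(1)] = int(m.group(2))
    return policies


def uac_findings(policies: Dict[str, int]) -> List[str]:
    """Explain the UAC-weakening values; an empty list means nothing to report."""
    findings = []
    if policies.get('EnableLUA') == 0:
        findings.append('EnableLUA=0: User Account Control is switched off entirely')
    if policies.get('ConsentPromptBehaviorAdmin') == 0:
        findings.append('ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt')
    if policies.get('PromptOnSecureDesktop') == 0:
        findings.append('PromptOnSecureDesktop=0: elevation prompts are not shown on the secure desktop')
    return findings


def parse_dpf(log_text: str) -> List[dict]:
    """List DPF entries, marking hosts that are bare IP literals (and whether they are private)."""
    entries = []
    for raw in log_text.splitlines():
        m = _DPF.match(raw.strip())
        if not m:
            continue
        name, url = m.group(1), m.group(2)
        host = _HOST.match(url).group(1)
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            ip = None
        entries.append({
            'name': name,
            'url': url,
            'host': host,
            'ip_literal': ip is not None,
            'private': bool(ip is not None and ip.is_private),
        })
    return entries


if __name__ == '__main__':
    pol = parse_policies(SAMPLE_LOG)
    for f in uac_findings(pol):
        print('UAC:', f)
    for e in parse_dpf(SAMPLE_LOG):
        tag = 'IP host (private)' if e['private'] else 'IP host' if e['ip_literal'] else 'named host'
        print(f"DPF: {e['name']} -> {e['host']} [{tag}]")
```

Run against the constructed sample this reports the three UAC findings and marks the two IP-hosted CAB entries, one on the local LAN (192.168.1.199, which in this thread is plausibly a DVR viewer) and one on a public address; the named Garmin host is left unflagged. Feed it the text of a real log and it behaves the same way.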



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:05 AM

Posted 02 June 2011 - 12:29 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Just click on Cancel, then Accept.


Information and logs:

  • In your next post I need the following

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 galaxyhappyman

galaxyhappyman
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:08:05 AM

Posted 03 June 2011 - 03:52 AM

HI
Hope this works this time.

Sorry for adding the last log I thought it might speed up things.

ok my computer is still playing up:
skype starts up and stops working almost instantly (I have tried uninstalling and reinstalling the latest version.)
Since the recovery 7 virus no programmes show up in the start up menu.
all google searches are being hijacked :(
here are the logs:

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by PC4 at 9:13:36 on 2011-06-03
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3548.2016 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
R:\Myriad\MyriadStartup.EXE
C:\Windows\system32\notepad.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.mg.mail.yahoo.com/neo/launch?.partner=bt-1
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [lxdimon.exe] "c:\program files\lexmark 3500-4500 series\lxdimon.exe"
mRun: [lxdiamon] "c:\program files\lexmark 3500-4500 series\lxdiamon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Seagull Drivers] ssdal_nc.exe startup
StartupFolder: c:\users\pc4\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.1.199/DvrOcx.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E87A4CD6-BA5F-4552-BC4F-8EC240A2755C} - hxxp://217.41.47.189/webrec.cab
TCP: Interfaces\{E6BE2BDA-3F76-467B-B431-BFACBF223D55} : NameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-1-14 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-1-24 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-1-24 47640]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-1-14 224424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-28 136176]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-6-11 99248]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-9-4 219632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-27 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-20 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-06-03 07:13:36 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4888b7d7-f2ee-44d8-b889-062b2d2d22c1}\mpengine.dll
2011-05-31 10:17:48 -------- d-----r- c:\program files\Skype
2011-05-31 10:04:17 -------- d-----w- c:\windows\system32\appmgmt
2011-05-27 14:27:28 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-27 14:22:50 -------- d-----w- c:\users\pc4\appdata\local\temp
2011-05-27 14:15:18 98816 ----a-w- c:\windows\sed.exe
2011-05-27 14:15:18 89088 ----a-w- c:\windows\MBR.exe
2011-05-27 14:15:18 256512 ----a-w- c:\windows\PEV.exe
2011-05-27 14:15:18 161792 ----a-w- c:\windows\SWREG.exe
2011-05-27 12:55:28 -------- d-----w- c:\users\pc4\appdata\roaming\AVG10
2011-05-27 12:54:43 -------- d--h--w- c:\programdata\Common Files
2011-05-27 12:53:46 -------- d-----w- c:\programdata\AVG10
2011-05-27 12:52:50 -------- d-----w- c:\program files\AVG
2011-05-27 12:46:10 -------- d-----w- c:\programdata\MFAData
2011-05-27 07:27:09 -------- d-----w- c:\users\pc4\appdata\roaming\Malwarebytes
2011-05-27 07:27:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-27 07:27:05 -------- d-----w- c:\programdata\Malwarebytes
2011-05-27 07:27:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-25 07:14:56 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 13:26:29 -------- d-----w- c:\users\pc4\appdata\roaming\coupons
2011-05-19 07:14:07 -------- d-----w- c:\programdata\Skype Extras
2011-05-18 07:26:44 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-12 07:20:14 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-12 07:20:14 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-09 12:57:57 -------- d-----w- c:\program files\MSECache
.
==================== Find3M ====================
.
2011-03-12 11:31:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:44:09 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 05:44:01 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:44:01 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:44:01 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:43:55 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:43:46 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:43:46 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:37:34 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 9:14:03.80 ===============

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x92A0D000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9555968 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82A09000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82A09000 PnpManager 4259840 bytes
0x82A09000 RAW 4259840 bytes
0x82A09000 WMIxWDM 4259840 bytes
0x82430000 Win32k 2404352 bytes
0x82430000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x91C2D000 C:\Windows\System32\Drivers\dump_iaStor.sys 1789952 bytes
0x8C403000 C:\Windows\system32\DRIVERS\iaStor.sys 1789952 bytes (Intel Corporation, Intel Rapid Storage Technology driver - x86)
0x8CA25000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8C638000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x9332A000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C82A000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8C0EE000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9C605000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x928B4000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8C01B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8C23B000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x90F6C000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x98E80000 C:\Windows\system32\drivers\ADIHdAud.sys 405504 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0x8C199000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x90E35000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9C723000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x9C6D4000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x826E0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9544F000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8C369000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8C2BA000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x98E20000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8C0AC000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x90F0B000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8CBA8000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x92838000 C:\Windows\system32\DRIVERS\WavxDMgr.sys 258048 bytes (Wave Systems Corp., WavX Document Manager Filter Driver)
0x8C8E1000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x92987000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8C200000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x9540B000 C:\Windows\system32\DRIVERS\e1k6232.sys 233472 bytes (Intel Corporation, Intel® Gigabit Adapter NDIS 6.x driver)
0x82E19000 ACPI_HAL 225280 bytes
0x82E19000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8C5C1000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x955C1000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8C971000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8C600000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8CB6E000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x98EE3000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8C944000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8C767000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x9C796000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8C313000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8C9B4000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8C91F000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x92964000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x95533000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9C6A6000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x90E00000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C800000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9C775000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x91C00000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x954A9000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x90E96000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x826C0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x98E00000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x929C2000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90EC3000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x92877000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x92939000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x98F12000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x90FD0000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x954C8000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x95510000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x95555000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9556D000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x95584000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8C7DD000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x98F53000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x98FD5000 C:\Windows\system32\drivers\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8C3B4000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x98F77000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8C792000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x928A1000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x90EDD000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x954FE000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x90E21000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x92952000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8C9A3000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x98F42000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8C3CA000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x98E64000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8C348000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8C093000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x92891000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8CA00000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x90EF0000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8C359000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x9549A000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x90FE8000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x90EB5000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C7CF000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8C7A5000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x933E1000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x98FBC000 C:\Windows\system32\DRIVERS\usbscan.sys 57344 bytes (Microsoft Corporation, USB Scanner Driver)
0x8C2AC000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x954F0000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x98F35000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x955A5000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x955B2000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9C6C7000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8C9E5000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x90F60000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x98F91000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8C9D9000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x98F6C000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x98FA8000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x98F9D000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8C7C4000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x95528000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8CBEF000 C:\Windows\system32\DRIVERS\PBADRV.sys 45056 bytes (Dell Inc, PBA Support Driver)
0x90F00000 C:\Windows\System32\Drivers\SCDEmu.SYS 45056 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0x8C7F4000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x98FCA000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)
0x95444000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8C33D000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x98F2B000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x929E6000 C:\Windows\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0x90F56000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x90F4C000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8C5F5000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x9559B000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x9C69C000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x954E0000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x8C5B8000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x9C7C7000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8C7B3000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x98FB3000 C:\Windows\system32\DRIVERS\LVUSBSta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)
0x82690000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8CB9F000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x90FF6000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8C302000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8C0A4000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8CA10000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BAF000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8C30B000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8C9F2000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C821000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8C7BC000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8CBE7000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x91C26000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x98F8A000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x9C7C0000 C:\Users\PC4\AppData\Local\Temp\mbr.sys 28672 bytes
0x91C1F000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x929DD000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x90E8F000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x954EA000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x929E4000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0x955BF000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x98F6A000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x954FD000 C:\Windows\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
==============================================
>Stealth
==============================================
0x87EECA91 Unknown page with executable code, 1391 bytes
0x87EEB288 Unknown page with executable code, 3448 bytes
0x87EED191 Unknown page with executable code, 3695 bytes
0x87EEFE7A Unknown thread object [ ETHREAD 0x88B3B4E0 ] TID: 284, 600 bytes
0x87EF2008 Unknown thread object [ ETHREAD 0x8841C330 ] TID: 288, 600 bytes
0x87EF1CDC Unknown page with executable code, 804 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)



Hopefully this is enough info and I have done this correctly.
Many thanks in advance for any help.
Cheers,
Liz

#4 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 June 2011 - 07:34 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 galaxyhappyman
  • Topic Starter
  • Members
  • 26 posts

Posted 03 June 2011 - 08:26 AM

Hi Gringo



The odd thing is, other than the issues I mentioned before (Skype starts up and stops working almost instantly (I have tried uninstalling and reinstalling the latest version); since the Recovery 7 virus no programmes show up in the start up menu; all Google searches are being hijacked), my computer is running fine. It's not slow or anything.
Here is the new log:





ComboFix 11-06-03.02 - PC4 03/06/2011 14:00:03.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3548.2289 [GMT 1:00]
Running from: c:\users\PC4\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
.
.
2011-06-03 13:05 . 2011-06-03 13:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-03 07:13 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4888B7D7-F2EE-44D8-B889-062B2D2D22C1}\mpengine.dll
2011-05-31 10:17 . 2011-05-31 10:17 -------- d-----w- c:\program files\Common Files\Skype
2011-05-31 10:17 . 2011-05-31 10:17 -------- d-----r- c:\program files\Skype
2011-05-27 14:22 . 2011-06-03 13:05 -------- d-----w- c:\users\PC4\AppData\Local\temp
2011-05-27 12:55 . 2011-05-27 12:55 -------- d-----w- c:\users\PC4\AppData\Roaming\AVG10
2011-05-27 12:54 . 2011-05-27 12:54 -------- d--h--w- c:\programdata\Common Files
2011-05-27 12:53 . 2011-05-27 14:04 -------- d-----w- c:\programdata\AVG10
2011-05-27 12:52 . 2011-05-27 12:52 -------- d-----w- c:\program files\AVG
2011-05-27 12:46 . 2011-05-27 14:03 -------- d-----w- c:\programdata\MFAData
2011-05-27 07:27 . 2011-05-27 07:27 -------- d-----w- c:\users\PC4\AppData\Roaming\Malwarebytes
2011-05-27 07:27 . 2011-05-27 07:27 -------- d-----w- c:\programdata\Malwarebytes
2011-05-27 07:27 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-27 07:27 . 2011-05-27 07:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-25 07:14 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 13:26 . 2011-05-24 13:26 -------- d-----w- c:\users\PC4\AppData\Roaming\coupons
2011-05-19 07:14 . 2011-06-03 07:37 -------- d-----w- c:\programdata\Skype Extras
2011-05-18 07:26 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-12 07:20 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-12 07:20 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-09 12:57 . 2011-05-09 12:57 -------- d-----w- c:\program files\MSECache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-03 07:27 . 2011-01-19 14:02 0 ----a-w- c:\users\PC4\AppData\Local\WavXMapDrive.bat
2011-04-18 14:21 . 2011-04-18 14:21 1409 ----a-w- c:\windows\Fonts\LetGothL_PD.fot
2011-03-21 08:42 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-12 11:31 . 2011-05-02 08:11 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:44 . 2011-05-02 08:11 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 05:44 . 2011-05-02 08:11 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:44 . 2011-05-02 08:11 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:44 . 2011-05-02 08:11 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:43 . 2011-05-02 08:11 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:43 . 2011-05-02 08:11 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:43 . 2011-05-02 08:11 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:40 . 2011-04-18 07:37 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-18 07:37 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:39 . 2011-05-02 08:11 1686016 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:37 . 2011-05-02 08:11 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-03-08 05:38 . 2011-04-18 07:37 740864 ----a-w- c:\windows\system32\inetcomm.dll
.




.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 11:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 11:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-28 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seagull Drivers"="ssdal_nc.exe startup" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2009-04-27 434856]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2009-04-27 25256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\PC4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 136176]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-20 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-06 224424]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BLACKBOX
*Deregistered* - BlackBox
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 09:59]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 09:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.mg.mail.yahoo.com/neo/launch?.partner=bt-1
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: Interfaces\{E6BE2BDA-3F76-467B-B431-BFACBF223D55}: NameServer = 192.168.1.254
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.1.199/DvrOcx.cab
DPF: {E87A4CD6-BA5F-4552-BC4F-8EC240A2755C} - hxxp://217.41.47.189/webrec.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5264)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.



thank you x

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 03 June 2011 - 01:09 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:folderfind
smtmp
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 June 2011 - 03:06 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#8 galaxyhappyman (Topic Starter, Members)

Posted 07 June 2011 - 02:36 AM

Sorry, it is my work computer so I do not have access to it at the weekend.
I will do it now for you, sorry.

#9 galaxyhappyman (Topic Starter, Members)

Posted 07 June 2011 - 02:39 AM

Here is the log you requested:


SystemLook 04.09.10 by jpshortstuff
Log created at 08:37 on 07/06/2011 by PC4
Administrator - Elevation successful

========== folderfind ==========

Searching for "smtmp"
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp d------ [14:20 27/05/2011]

-= EOF =-
many thanks in advance
liz

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 June 2011 - 09:37 AM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

DeQuarantine::
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp

Quit::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

SystemLook:

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:folderfind
*smtmp*
:dir
C:\Users\PC4\AppData\Local\Temp\smtmp /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Edited by gringo_pr, 07 June 2011 - 09:38 AM.


#11 galaxyhappyman (Topic Starter, Members)

Posted 07 June 2011 - 10:04 AM

Hi, here you go:
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Default Programs.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Default Programs.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\desktop.ini -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\desktop.ini
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Windows Update.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Windows Update.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Acrobat.com.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Acrobat.com.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Adobe Bridge CS3.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Adobe Bridge CS3.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Adobe Device Central CS3.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Adobe Device Central CS3.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Adobe ExtendScript Toolkit 2.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Adobe ExtendScript Toolkit 2.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Adobe Photoshop CS3.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Adobe Photoshop CS3.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader X.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader X.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Adobe Stock Photos CS3.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Adobe Stock Photos CS3.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Apple Software Update.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Apple Software Update.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell Help Documentation.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell Help Documentation.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\desktop.ini -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\desktop.ini
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\LogMeIn.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\LogMeIn.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Media Center.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Media Center.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Default Manager.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Default Manager.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office PowerPoint Viewer 2007.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\PowerDVD DX.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\PowerDVD DX.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Sidebar.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Sidebar.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows Anytime Upgrade.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows Anytime Upgrade.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows DVD Maker.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows DVD Maker.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows Fax and Scan.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows Fax and Scan.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows Live Mail.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows Live Mail.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows Live Messenger.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows Live Messenger.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows Live Movie Maker.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows Live Movie Maker.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows Live Photo Gallery.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows Live Photo Gallery.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows Media Player.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows Media Player.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\XPS Viewer.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\XPS Viewer.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Calculator.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Desktop.ini -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Desktop.ini
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\displayswitch.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\displayswitch.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Math Input Panel.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Math Input Panel.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Mobility Center.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Mobility Center.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\NetworkProjection.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\NetworkProjection.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Paint.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Paint.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Snipping Tool.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Snipping Tool.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sound Recorder.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sound Recorder.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sticky Notes.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sticky Notes.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sync Center.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sync Center.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Welcome Center.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Welcome Center.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Wordpad.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Wordpad.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Desktop.ini -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Desktop.ini
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Speech Recognition.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Desktop.ini -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Desktop.ini
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\dfrgui.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Resource Monitor.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Task Scheduler.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Desktop.ini -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Desktop.ini
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\ShapeCollector.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\TabTip.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Windows Journal.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\desktop.ini -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\desktop.ini
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\iSCSI Initiator.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Performance Monitor.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Print Management.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Print Management.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Security Configuration Management.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\System Configuration.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\System Configuration.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Task Scheduler.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows PowerShell Modules.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Security Manager.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Security Manager.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\EMBASSY Security Center.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\EMBASSY Security Center.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\Security Setup Wizard.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\Security Setup Wizard.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\Advanced\Document Manager.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\Advanced\Document Manager.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\Advanced\Embassy Trust Suite Readme.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\Advanced\Embassy Trust Suite Readme.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\Advanced\Private Information Manager.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\Advanced\Private Information Manager.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\Advanced\Advanced Security Wizards\802.1x Authentication Setup Wizard.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\Advanced\Advanced Security Wizards\802.1x Authentication Setup Wizard.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\Advanced\Advanced Security Wizards\Encrypting File System Wizard.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\Advanced\Advanced Security Wizards\Encrypting File System Wizard.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\Advanced\Advanced Security Wizards\Secure Email Wizard.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\Advanced\Advanced Security Wizards\Secure Email Wizard.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Games\desktop.ini -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Games\desktop.ini
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Games\GameExplorer.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Games\GameExplorer.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Garmin\WebUpdater.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Garmin\WebUpdater.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Delivery Console.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Delivery Console.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\GroupMail 5.1.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\GroupMail 5.1.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\GroupMail 5.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\GroupMail 5.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Help & Information.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Help & Information.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Read Me.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Read Me.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Add-ons\Backup & Restore.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Add-ons\Backup & Restore.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Add-ons\Email Inspector.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Add-ons\Email Inspector.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Add-ons\Mailto Link Builder.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Add-ons\Mailto Link Builder.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Add-ons\Subscriber.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Add-ons\Subscriber.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Add-ons\Tweaker.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Add-ons\Tweaker.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Add-ons\XML Transformer.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Add-ons\XML Transformer.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Intel\desktop.ini -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Intel\desktop.ini
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Intel\Intel Control Center.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Intel\Intel Control Center.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Intel\Intel® Rapid Storage Technology.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Intel\Intel® Rapid Storage Technology.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\iTunes\iTunes.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series\EU Waste Electronics Information.LNK -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series\EU Waste Electronics Information.LNK
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series\Lexmark Cartridge Diagnostic Wizard.LNK -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series\Lexmark Cartridge Diagnostic Wizard.LNK
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series\Lexmark Imaging Studio.LNK -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series\Lexmark Imaging Studio.LNK
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series\Lexmark Solution Center.LNK -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series\Lexmark Solution Center.LNK
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series\Release Notes.LNK -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series\Release Notes.LNK
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series\Uninstall Lexmark 3500-4500 Series.LNK -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series\Uninstall Lexmark 3500-4500 Series.LNK
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series\User's Guide.LNK -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series\User's Guide.LNK
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series\Wireless Configuration Utility.LNK -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series\Wireless Configuration Utility.LNK
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Backup and Restore Center.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Create Recovery Disc.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Desktop.ini -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Desktop.ini
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Mouse\Connect Mouse for Bluetooth.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Mouse\Connect Mouse for Bluetooth.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Mouse\Microsoft Mouse.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Mouse\Microsoft Mouse.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Mouse\Mouse Healthy Computing Guide.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Mouse\Mouse Healthy Computing Guide.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Mouse\Mouse Help.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Mouse\Mouse Help.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Mouse\Quality Settings.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Mouse\Quality Settings.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.2\Desktop.ini -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.2\Desktop.ini
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.2\OpenOffice.org Base.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.2\OpenOffice.org Base.lnk
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.2\OpenOffice.org Calc.lnk -> C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.2\OpenOffice.org Calc.lnk
162 File(s) copied

SystemLook 04.09.10 by jpshortstuff
Log created at 16:00 on 07/06/2011 by PC4
Administrator - Elevation successful

========== folderfind ==========

Searching for "*smtmp*"
C:\Qoobox\Quarantine\C\Users\PC4\AppData\Local\Temp\smtmp d------ [14:20 27/05/2011]
C:\Users\PC4\AppData\Local\temp\smtmp d------ [14:47 07/06/2011]

========== dir ==========

C:\Users\PC4\AppData\Local\Temp\smtmp - Parameters: "/sub"

---Files---
None found.

C:\Users\PC4\AppData\Local\Temp\smtmp\1 d------ [14:47 07/06/2011]
Default Programs.lnk --a---- 1282 bytes [14:47 07/06/2011] [04:46 14/07/2009]
desktop.ini --ahs-- 442 bytes [14:47 07/06/2011] [04:46 14/07/2009]
Windows Update.lnk --a---- 1266 bytes [14:47 07/06/2011] [04:37 14/07/2009]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs d------ [14:47 07/06/2011]
Acrobat.com.lnk --a---- 981 bytes [14:47 07/06/2011] [10:59 24/01/2011]
Adobe Bridge CS3.lnk --a---- 1059 bytes [14:47 07/06/2011] [13:25 27/01/2011]
Adobe Device Central CS3.lnk --a---- 1152 bytes [14:47 07/06/2011] [13:25 27/01/2011]
Adobe ExtendScript Toolkit 2.lnk --a---- 1363 bytes [14:47 07/06/2011] [13:25 27/01/2011]
Adobe Photoshop CS3.lnk --a---- 1097 bytes [14:47 07/06/2011] [13:26 27/01/2011]
Adobe Reader X.lnk --a---- 2441 bytes [14:47 07/06/2011] [14:03 23/02/2011]
Adobe Stock Photos CS3.lnk --a---- 1183 bytes [14:47 07/06/2011] [13:26 27/01/2011]
Apple Software Update.lnk --a---- 2519 bytes [14:47 07/06/2011] [11:22 22/03/2011]
Dell Help Documentation.lnk --a---- 1975 bytes [14:47 07/06/2011] [14:01 19/01/2011]
desktop.ini --ahs-- 1748 bytes [14:47 07/06/2011] [13:56 27/01/2011]
LogMeIn.lnk --a---- 960 bytes [14:47 07/06/2011] [09:45 24/01/2011]
Media Center.lnk --a---- 1345 bytes [14:47 07/06/2011] [18:15 14/01/2011]
Microsoft Default Manager.lnk --a---- 1340 bytes [14:47 07/06/2011] [09:38 14/01/2011]
Microsoft Office PowerPoint Viewer 2007.lnk --a---- 2557 bytes [14:47 07/06/2011] [12:58 09/05/2011]
PowerDVD DX.lnk --a---- 2026 bytes [14:47 07/06/2011] [09:29 14/01/2011]
Sidebar.lnk --a---- 1330 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Windows Anytime Upgrade.lnk --a---- 1352 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Windows DVD Maker.lnk --a---- 1326 bytes [14:47 07/06/2011] [18:15 14/01/2011]
Windows Fax and Scan.lnk --a---- 1210 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Windows Live Mail.lnk --a---- 1406 bytes [14:47 07/06/2011] [13:55 27/01/2011]
Windows Live Messenger.lnk --a---- 2434 bytes [14:47 07/06/2011] [13:55 27/01/2011]
Windows Live Movie Maker.lnk --a---- 1253 bytes [14:47 07/06/2011] [13:56 27/01/2011]
Windows Live Photo Gallery.lnk --a---- 1322 bytes [14:47 07/06/2011] [13:56 27/01/2011]
Windows Media Player.lnk --a---- 1515 bytes [14:47 07/06/2011] [09:43 14/01/2011]
XPS Viewer.lnk --a---- 1246 bytes [14:47 07/06/2011] [04:42 14/07/2009]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories d------ [14:47 07/06/2011]
Calculator.lnk --a---- 1230 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Desktop.ini --ahs-- 1854 bytes [14:47 07/06/2011] [18:15 14/01/2011]
displayswitch.lnk --a---- 1266 bytes [14:47 07/06/2011] [04:41 14/07/2009]
Math Input Panel.lnk --a---- 1364 bytes [14:47 07/06/2011] [18:15 14/01/2011]
Mobility Center.lnk --a---- 1238 bytes [14:47 07/06/2011] [18:15 14/01/2011]
NetworkProjection.lnk --a---- 1242 bytes [14:47 07/06/2011] [18:15 14/01/2011]
Paint.lnk --a---- 1242 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Remote Desktop Connection.lnk --a---- 1367 bytes [14:47 07/06/2011] [04:41 14/07/2009]
Snipping Tool.lnk --a---- 1272 bytes [14:47 07/06/2011] [18:15 14/01/2011]
Sound Recorder.lnk --a---- 1330 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Sticky Notes.lnk --a---- 1351 bytes [14:47 07/06/2011] [18:15 14/01/2011]
Sync Center.lnk --a---- 1254 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Welcome Center.lnk --a---- 1579 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Wordpad.lnk --a---- 1322 bytes [14:47 07/06/2011] [04:42 14/07/2009]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility d------ [14:47 07/06/2011]
Desktop.ini --ahs-- 370 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Speech Recognition.lnk --a---- 1388 bytes [14:47 07/06/2011] [04:42 14/07/2009]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools d------ [14:47 07/06/2011]
Character Map.lnk --a---- 1248 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Desktop.ini --ahs-- 1338 bytes [14:47 07/06/2011] [04:42 14/07/2009]
dfrgui.lnk --a---- 1290 bytes [14:47 07/06/2011] [04:41 14/07/2009]
Disk Cleanup.lnk --a---- 1252 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Resource Monitor.lnk --a---- 1242 bytes [14:47 07/06/2011] [04:41 14/07/2009]
System Information.lnk --a---- 1250 bytes [14:47 07/06/2011] [04:41 14/07/2009]
System Restore.lnk --a---- 1246 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Task Scheduler.lnk --a---- 1268 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Windows Easy Transfer Reports.lnk --a---- 1320 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Windows Easy Transfer.lnk --a---- 1316 bytes [14:47 07/06/2011] [04:42 14/07/2009]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC d------ [14:47 07/06/2011]
Desktop.ini --ahs-- 343 bytes [14:47 07/06/2011] [18:15 14/01/2011]
ShapeCollector.lnk --a---- 1436 bytes [14:47 07/06/2011] [18:15 14/01/2011]
TabTip.lnk --a---- 1386 bytes [14:47 07/06/2011] [18:15 14/01/2011]
Windows Journal.lnk --a---- 1316 bytes [14:47 07/06/2011] [18:15 14/01/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell d------ [14:47 07/06/2011]
desktop.ini --ahs-- 116 bytes [14:47 07/06/2011] [04:46 14/07/2009]
Windows PowerShell ISE.lnk --a---- 1468 bytes [14:47 07/06/2011] [04:46 14/07/2009]
Windows PowerShell.lnk --a---- 1899 bytes [14:47 07/06/2011] [04:52 14/07/2009]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools d------ [14:47 07/06/2011]
Component Services.lnk --a---- 1242 bytes [14:47 07/06/2011] [04:46 14/07/2009]
Computer Management.lnk --a---- 1294 bytes [14:47 07/06/2011] [04:41 14/07/2009]
Data Sources (ODBC).lnk --a---- 1270 bytes [14:47 07/06/2011] [04:41 14/07/2009]
desktop.ini --ahs-- 1958 bytes [14:47 07/06/2011] [18:15 14/01/2011]
Event Viewer.lnk --a---- 1298 bytes [14:47 07/06/2011] [04:42 14/07/2009]
iSCSI Initiator.lnk --a---- 1274 bytes [14:47 07/06/2011] [04:41 14/07/2009]
Memory Diagnostics Tool.lnk --a---- 1268 bytes [14:47 07/06/2011] [04:41 14/07/2009]
Performance Monitor.lnk --a---- 1232 bytes [14:47 07/06/2011] [04:41 14/07/2009]
Print Management.lnk --a---- 1262 bytes [14:47 07/06/2011] [18:15 14/01/2011]
Security Configuration Management.lnk --a---- 1248 bytes [14:47 07/06/2011] [18:15 14/01/2011]
services.lnk --a---- 1288 bytes [14:47 07/06/2011] [04:41 14/07/2009]
System Configuration.lnk --a---- 1246 bytes [14:47 07/06/2011] [04:41 14/07/2009]
Task Scheduler.lnk --a---- 1262 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Windows Firewall with Advanced Security.lnk --a---- 1274 bytes [14:47 07/06/2011] [04:41 14/07/2009]
Windows PowerShell Modules.lnk --a---- 2741 bytes [14:47 07/06/2011] [04:52 14/07/2009]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint d------ [14:47 07/06/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager d------ [14:47 07/06/2011]
Security Manager.lnk --a---- 2687 bytes [14:47 07/06/2011] [09:28 14/01/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced d------ [14:47 07/06/2011]
EMBASSY Security Center.lnk --a---- 1291 bytes [14:47 07/06/2011] [09:26 14/01/2011]
Security Setup Wizard.lnk --a---- 1284 bytes [14:47 07/06/2011] [09:28 14/01/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\Advanced d------ [14:47 07/06/2011]
Document Manager.lnk --a---- 1408 bytes [14:47 07/06/2011] [09:27 14/01/2011]
Embassy Trust Suite Readme.lnk --a---- 1065 bytes [14:47 07/06/2011] [09:26 14/01/2011]
Private Information Manager.lnk --a---- 1542 bytes [14:47 07/06/2011] [09:27 14/01/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Dell ControlPoint\Security Manager\Advanced\Advanced\Advanced Security Wizards d------ [14:47 07/06/2011]
802.1x Authentication Setup Wizard.lnk --a---- 1185 bytes [14:47 07/06/2011] [09:27 14/01/2011]
Encrypting File System Wizard.lnk --a---- 1175 bytes [14:47 07/06/2011] [09:27 14/01/2011]
Secure Email Wizard.lnk --a---- 1185 bytes [14:47 07/06/2011] [09:27 14/01/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Games d------ [14:47 07/06/2011]
desktop.ini --ahs-- 520 bytes [14:47 07/06/2011] [07:49 14/07/2009]
GameExplorer.lnk --a---- 258 bytes [14:47 07/06/2011] [04:42 14/07/2009]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Garmin d------ [14:47 07/06/2011]
WebUpdater.lnk --a---- 2078 bytes [14:47 07/06/2011] [08:39 01/03/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5 d------ [14:47 07/06/2011]
Delivery Console.lnk --a---- 1028 bytes [14:47 07/06/2011] [12:58 31/01/2011]
GroupMail 5.1.lnk --a---- 936 bytes [14:47 07/06/2011] [08:42 28/01/2011]
GroupMail 5.lnk --a---- 936 bytes [14:47 07/06/2011] [12:58 31/01/2011]
Help & Information.lnk --a---- 912 bytes [14:47 07/06/2011] [12:58 31/01/2011]
Read Me.lnk --a---- 936 bytes [14:47 07/06/2011] [12:58 31/01/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\GroupMail 5\Add-ons d------ [14:47 07/06/2011]
Backup & Restore.lnk --a---- 954 bytes [14:47 07/06/2011] [12:58 31/01/2011]
Email Inspector.lnk --a---- 935 bytes [14:47 07/06/2011] [12:58 31/01/2011]
Mailto Link Builder.lnk --a---- 942 bytes [14:47 07/06/2011] [12:58 31/01/2011]
Subscriber.lnk --a---- 954 bytes [14:47 07/06/2011] [12:58 31/01/2011]
Tweaker.lnk --a---- 959 bytes [14:47 07/06/2011] [12:58 31/01/2011]
XML Transformer.lnk --a---- 959 bytes [14:47 07/06/2011] [12:58 31/01/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Intel d------ [14:47 07/06/2011]
desktop.ini --ahs-- 195 bytes [14:47 07/06/2011] [09:24 14/01/2011]
Intel Control Center.lnk --a---- 1371 bytes [14:47 07/06/2011] [09:24 14/01/2011]
Intel® Rapid Storage Technology.lnk --a---- 1430 bytes [14:47 07/06/2011] [09:24 14/01/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\iTunes d------ [14:47 07/06/2011]
About iTunes.lnk --a---- 2090 bytes [14:47 07/06/2011] [11:23 22/03/2011]
iTunes.lnk --a---- 1773 bytes [14:47 07/06/2011] [11:23 22/03/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Lexmark 3500-4500 Series d------ [14:47 07/06/2011]
EU Waste Electronics Information.LNK --a---- 1433 bytes [14:47 07/06/2011] [14:15 28/01/2011]
Lexmark Cartridge Diagnostic Wizard.LNK --a---- 1326 bytes [14:47 07/06/2011] [14:15 28/01/2011]
Lexmark Imaging Studio.LNK --a---- 1078 bytes [14:47 07/06/2011] [14:16 28/01/2011]
Lexmark Solution Center.LNK --a---- 2118 bytes [14:47 07/06/2011] [14:16 28/01/2011]
Release Notes.LNK --a---- 1840 bytes [14:47 07/06/2011] [14:16 28/01/2011]
Uninstall Lexmark 3500-4500 Series.LNK --a---- 1297 bytes [14:47 07/06/2011] [14:16 28/01/2011]
User's Guide.LNK --a---- 1097 bytes [14:47 07/06/2011] [14:15 28/01/2011]
Wireless Configuration Utility.LNK --a---- 1342 bytes [14:47 07/06/2011] [14:15 28/01/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Maintenance d------ [14:47 07/06/2011]
Backup and Restore Center.lnk --a---- 1304 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Create Recovery Disc.lnk --a---- 1248 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Desktop.ini --ahs-- 606 bytes [14:47 07/06/2011] [04:42 14/07/2009]
Remote Assistance.lnk --a---- 1212 bytes [14:47 07/06/2011] [04:42 14/07/2009]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Mouse d------ [14:47 07/06/2011]
Connect Mouse for Bluetooth.lnk --a---- 2675 bytes [14:47 07/06/2011] [12:02 27/01/2011]
Microsoft Mouse.lnk --a---- 2653 bytes [14:47 07/06/2011] [12:02 27/01/2011]
Mouse Healthy Computing Guide.lnk --a---- 2703 bytes [14:47 07/06/2011] [12:02 27/01/2011]
Mouse Help.lnk --a---- 2829 bytes [14:47 07/06/2011] [12:02 27/01/2011]
Quality Settings.lnk --a---- 2739 bytes [14:47 07/06/2011] [12:02 27/01/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight d------ [14:47 07/06/2011]
Microsoft Silverlight.lnk --a---- 2227 bytes [14:47 07/06/2011] [17:00 21/04/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.2 d------ [14:47 07/06/2011]
Desktop.ini --a---- 36 bytes [14:47 07/06/2011] [11:02 24/01/2011]
OpenOffice.org Base.lnk --a---- 1056 bytes [14:47 07/06/2011] [11:02 24/01/2011]
OpenOffice.org Calc.lnk --a---- 1036 bytes [14:47 07/06/2011] [11:02 24/01/2011]
OpenOffice.org Draw.lnk --a---- 982 bytes [14:47 07/06/2011] [11:02 24/01/2011]
OpenOffice.org Impress.lnk --a---- 1044 bytes [14:47 07/06/2011] [11:02 24/01/2011]
OpenOffice.org Math.lnk --a---- 986 bytes [14:47 07/06/2011] [11:02 24/01/2011]
OpenOffice.org Writer.lnk --a---- 1058 bytes [14:47 07/06/2011] [11:02 24/01/2011]
OpenOffice.org.lnk --a---- 1116 bytes [14:47 07/06/2011] [11:02 24/01/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\PowerISO d------ [14:47 07/06/2011]
PowerISO Help.lnk --a---- 1851 bytes [14:47 07/06/2011] [13:39 27/01/2011]
PowerISO Virtual Drive Manager.lnk --a---- 1851 bytes [14:47 07/06/2011] [13:39 27/01/2011]
PowerISO.lnk --a---- 1851 bytes [14:47 07/06/2011] [13:39 27/01/2011]
Uninstall PowerISO.lnk --a---- 1858 bytes [14:47 07/06/2011] [13:39 27/01/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\QuickTime d------ [14:47 07/06/2011]
About QuickTime.lnk --a---- 2441 bytes [14:47 07/06/2011] [11:22 22/03/2011]
PictureViewer.lnk --a---- 2471 bytes [14:47 07/06/2011] [11:22 22/03/2011]
QuickTime Player.lnk --a---- 2441 bytes [14:47 07/06/2011] [11:22 22/03/2011]
Uninstall QuickTime.lnk --a---- 1818 bytes [14:47 07/06/2011] [11:22 22/03/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Roxio Creator Starter d------ [14:47 07/06/2011]
Roxio Burn Options.lnk --a---- 1057 bytes [14:47 07/06/2011] [09:32 14/01/2011]
Roxio Burn.lnk --a---- 1079 bytes [14:47 07/06/2011] [09:32 14/01/2011]
Roxio Creator Starter.lnk --a---- 2122 bytes [14:47 07/06/2011] [09:31 14/01/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Sage 50 Accounts d------ [14:47 07/06/2011]
Sage 50 Accounts 2008.lnk --a---- 2114 bytes [14:47 07/06/2011] [11:47 28/01/2011]
Sage 50 Accounts User Guide.lnk --a---- 2095 bytes [14:47 07/06/2011] [11:47 28/01/2011]
Sage 50 Report Designer.lnk --a---- 2347 bytes [14:47 07/06/2011] [11:47 28/01/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Skype d------ [14:47 07/06/2011]
Skype.lnk --a---- 2521 bytes [14:47 07/06/2011] [07:13 19/05/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Startup d------ [14:47 07/06/2011]
desktop.ini --ahs-- 174 bytes [14:47 07/06/2011] [04:41 14/07/2009]
TdmNotify.lnk --a---- 2213 bytes [14:47 07/06/2011] [09:27 14/01/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Tablet PC d------ [14:47 07/06/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\1\Programs\Windows Live d------ [14:47 07/06/2011]
desktop.ini --ahs-- 243 bytes [14:47 07/06/2011] [13:56 27/01/2011]
Windows Live Family Safety.lnk --a---- 2645 bytes [14:47 07/06/2011] [13:56 27/01/2011]
Windows Live Mesh.lnk --a---- 2026 bytes [14:47 07/06/2011] [09:36 14/01/2011]
Windows Live Writer.lnk --a---- 2296 bytes [14:47 07/06/2011] [13:56 27/01/2011]

C:\Users\PC4\AppData\Local\Temp\smtmp\3 d------ [14:47 07/06/2011]
desktop.ini --ahs-- 86 bytes [14:47 07/06/2011] [09:56 07/02/2011]
Windows Explorer.lnk --a---- 1228 bytes [14:47 07/06/2011] [04:37 14/07/2009]

C:\Users\PC4\AppData\Local\Temp\smtmp\4 d------ [14:47 07/06/2011]
Adobe Reader X.lnk --a---- 1991 bytes [14:47 07/06/2011] [14:03 23/02/2011]
desktop.ini --ahs-- 174 bytes [14:47 07/06/2011] [04:41 14/07/2009]
GroupMail 5.lnk --a---- 918 bytes [14:47 07/06/2011] [12:58 31/01/2011]
iTunes.lnk --a---- 1755 bytes [14:47 07/06/2011] [11:23 22/03/2011]
Lexmark Imaging Studio - 3500-4500 Series.LNK --a---- 1060 bytes [14:47 07/06/2011] [14:16 28/01/2011]
PowerISO.lnk --a---- 967 bytes [14:47 07/06/2011] [13:39 27/01/2011]
QuickTime Player.lnk --a---- 1817 bytes [14:47 07/06/2011] [11:22 22/03/2011]
Sage 50 Accounts 2008.lnk --a---- 2096 bytes [14:47 07/06/2011] [11:47 28/01/2011]
Skype.lnk --a---- 2503 bytes [14:47 07/06/2011] [07:13 19/05/2011]

-= EOF =-

Google is still being hijacked.
Skype is still dead, and there are still no programmes in my start menu.

Hope this helps.
Many thanks

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 June 2011 - 10:26 AM

1. Copy the entire content of this folder:
C:\Users\PC4\AppData\Local\Temp\smtmp\1
and paste it to this folder:
C:\Program Data\Start Menu

2. Copy the entire content of this folder:
C:\Users\PC4\AppData\Local\Temp\smtmp\2
and paste it to this folder:
C:\Users\PC4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch

3. Copy the entire content of this folder:
C:\Users\PC4\AppData\Local\Temp\smtmp\3
and paste it to this folder:
C:\Users\PC4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

4. Copy the entire content of this folder:
C:\Users\PC4\AppData\Local\Temp\smtmp\4
and paste it to this folder:
C:\Program Data\Desktop

Edited by gringo_pr, 07 June 2011 - 10:26 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 galaxyhappyman (Topic Starter)

  • Members
  • 26 posts

Posted 09 June 2011 - 03:58 AM

Hi Gringo

I have had a few issues with this. I think the virus is hiding the folders?

1. Copy the entire content of this folder:
C:\Users\PC4\AppData\Local\Temp\smtmp\1 - found this
and paste it to this folder:
C:\Program Data\Start Menu - does not exist

2. Copy the entire content of this folder:
C:\Users\PC4\AppData\Local\Temp\smtmp\2 - does not exist
and paste it to this folder:
C:\Users\PC4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch - found

3. Copy the entire content of this folder:
C:\Users\PC4\AppData\Local\Temp\smtmp\3 - fine
and paste it to this folder:
C:\Users\PC4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar - fine

4. Copy the entire content of this folder:
C:\Users\PC4\AppData\Local\Temp\smtmp\4 - fine
and paste it to this folder:
C:\Program Data\Desktop - does not exist

Sorry, I could not do this.
Many thanks
Liz

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 June 2011 - 01:30 PM

Hello

Run this, and if they are hidden, this will show them:

http://download.bleepingcomputer.com/grinler/unhide.exe

gringo

#15 galaxyhappyman (Topic Starter)

  • Members
  • 26 posts

Posted 10 June 2011 - 02:28 AM

Hi Gringo,
I ran this programme this morning and the files are still hidden???
Any other ideas?
Cheers
Liz



