Old 06-29-2009, 02:30 PM   #41 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,721
OS: 2000 Pro; XP Pro; XP Home


Re: Dell imspiron 9300 spyware doctor problem

We're making progress, but there's more work to do.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please perform this fix in normal mode. It should go with less trouble than the last attempts.
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    McAfee:

    Double-click the taskbar icon to open the Security Center
    Click Advanced Menu (lower left)
    Click Configure (left)
    Click Computer & Files (upper left)
    VirusScan can be disabled on the right, and set when it should resume (30 minutes should be sufficient) or you choose Never, and re-enable manually after ComboFix has completed its tasks.

  2. Open Notepad (Windows key + R, type notepad and press Enter) and copy/paste the text in the quotebox below into it:

    Quote:
    http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/389560-dell-imspiron-9300-spyware-doctor-problem-2.html#post2214223
    Folder::
    c:\Program Files\Bat
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a84989c-e083-4a5d-bd8f-857127a99ec2}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "a05e3bc3"=-
    "gizutalovu"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    DirLook::
    c:\program files\Manson
    Collect::
    c:\windows\system32\wogiregu.dll
    c:\windows\system32\jkkJBTKD.dll
    c:\windows\system32\rapevivo.dll
    c:\windows\system32\wogiregu.dll
    c:\documents and settings\Kathy\Start Menu\Programs\Startup\Bat - Auto Update.lnk
    DDS::
    uStart Page = hxxp://www.dell4me.com/myway
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    Trusted Zone: imageservr.com
    Trusted Zone: imageservr.com



    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe
  3. ComboFix should request an update; please allow it.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    **Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.

    Please let me know if the file was successfully submitted. Thanks.

    ------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  

Old 06-29-2009, 04:30 PM   #42 (permalink)
Registered User
 
WIZARD6's Avatar
 
Join Date: May 2009
Posts: 118
OS: win xp


Re: Dell imspiron 9300 spyware doctor problem

I have a window that pops up in the middle of my desktop that says McAfee VirusScan.
I can't turn it off.
WIZARD6 is offline  
Old 06-29-2009, 05:00 PM   #43 (permalink)
tetonbob


Re: Dell imspiron 9300 spyware doctor problem

You need to disable McAfee.

Double-click the taskbar icon to open the Security Center
Click Advanced Menu (lower left)
Click Configure (left)
Click Computer & Files (upper left)
VirusScan can be disabled on the right, and set when it should resume (30 minutes should be sufficient) or you choose Never, and re-enable manually after ComboFix has completed its tasks.
tetonbob is offline
Old 06-29-2009, 05:14 PM   #44 (permalink)
tetonbob


Re: Dell imspiron 9300 spyware doctor problem

If the message is from McAfee and not from ComboFix, and it says something about Artemis, it's likely that McAfee interfered with or deleted ComboFix. McAfee incorrectly identifies parts of ComboFix as a threat.

If this is the case, I'd like you to download ComboFix once again, this time run the procedure outlined in post #41 in Safe Mode with Networking, accessed on the same screen as you did for Safe Mode. (tap F8 upon restart, this time Select Safe Mode with Networking)

Once again, if ComboFix reboots the machine, restart back into Safe Mode (this time, Safe Mode with Networking) until ComboFix has completed its tasks, and produced a log. Follow the same procedure as before for posting the new log, in other words, restart back into normal mode once ComboFix has completed its tasks and produced a log, return here, and post the new log, C:\ComboFix.txt
tetonbob is offline
Old 06-29-2009, 05:49 PM   #45 (permalink)
WIZARD6


Re: Dell imspiron 9300 spyware doctor problem

OK, running ComboFix in Safe Mode with Networking. I dragged cfscript.txt to the ComboFix.exe and autoscan is running.
WIZARD6 is offline  
Old 06-29-2009, 05:55 PM   #46 (permalink)
tetonbob


Re: Dell imspiron 9300 spyware doctor problem

Good job. I'll be looking for the next log.
tetonbob is offline
Old 06-29-2009, 06:30 PM   #47 (permalink)
WIZARD6


Re: Dell imspiron 9300 spyware doctor problem

ComboFix 09-06-29.02 - Kathy 06/29/2009 19:49.4 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.364 [GMT -4:00]
Running from: c:\documents and settings\Kathy\Desktop\cbfix.exe
Command switches used :: c:\documents and settings\Kathy\Desktop\cfscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

file zipped: c:\documents and settings\Kathy\Start Menu\Programs\Startup\Bat - Auto Update.lnk
file zipped: c:\windows\system32\jkkJBTKD.dll
file zipped: c:\windows\system32\rapevivo.dll
file zipped: c:\windows\system32\wogiregu.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kathy\Start Menu\Programs\Startup\Bat - Auto Update.lnk
c:\program files\Bat
c:\program files\Bat\Bat.dll.intermediate.manifest
c:\program files\Bat\Bat.exe
c:\program files\Bat\Bat.info
c:\program files\Bat\Bat.original
c:\program files\Bat\un_BatSetup_15041.exe
c:\program files\Bat\un_BatSetup_15041.txt
c:\program files\Bat\X_Bat.exe
c:\program files\Bat\X_Bat.log
c:\windows\system32\ddcDTkkK.dll
c:\windows\system32\jkkJBTKD.dll
c:\windows\system32\khfDuTJa.dll
c:\windows\system32\rapevivo.dll
c:\windows\system32\wogiregu.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-30 00:07 . 2006-02-15 00:22 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2009-06-30 00:07 . 2004-11-16 22:03 108791 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2009-06-30 00:07 . 2004-08-04 11:00 60800 ----a-w- c:\windows\system32\drivers\arp1394.sys
2009-06-30 00:07 . 2004-08-04 11:00 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2009-06-28 23:14 . 2009-06-28 23:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-28 23:09 . 2009-06-29 18:37 -------- d-sh--r- c:\program files\Manson
2009-06-28 20:19 . 2009-06-28 20:19 -------- d-----w- c:\program files\trend micro
2009-06-28 20:19 . 2009-06-28 20:19 -------- d-----w- C:\rsit
2009-06-28 16:55 . 2009-06-28 16:55 -------- d-sh--w- c:\documents and settings\Kathy\IECompatCache
2009-06-28 16:55 . 2009-06-28 16:55 -------- d-sh--w- c:\documents and settings\Kathy\PrivacIE
2009-06-28 16:43 . 2009-06-28 16:43 -------- d-sh--w- c:\documents and settings\Kathy\IETldCache
2009-06-28 16:10 . 2009-06-28 16:12 -------- dc-h--w- c:\windows\ie8
2009-06-28 05:17 . 2009-06-28 05:17 -------- d-----w- c:\documents and settings\Kathy\Application Data\AOL
2009-06-28 05:17 . 2009-06-28 06:29 4096 ----a-w- c:\documents and settings\All Users\Application Data\AOL\C_America Online 9.0\DialReg.exe
2009-06-27 02:52 . 2009-01-27 18:53 118784 ----a-w- c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.9.0\ThemesV3\Default\features\Amazon\core\PersonalizationWrapper.dll
2009-06-27 02:52 . 2009-01-27 18:53 118784 ----a-w- c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.9.0\ThemesV3\Windows\features\Amazon\core\PersonalizationWrapper.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 22:10 . 2005-03-18 18:25 -------- d-----w- c:\program files\McAfee.com
2009-06-29 14:14 . 2009-03-29 14:13 49152 --sha-w- c:\windows\system32\borababu.dll
2009-06-28 17:53 . 2005-04-24 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2009-06-28 05:04 . 2008-02-22 21:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Manson ----



((((((((((((((((((((((((((((( SnapShot@2009-06-28_23.00.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 18:09 . 2008-10-16 18:09 51224 c:\windows\SoftwareDistribution\SelfUpdate\Default\wuauclt.exe
+ 2008-10-16 18:09 . 2008-10-16 18:09 92696 c:\windows\SoftwareDistribution\SelfUpdate\Default\cdm.dll
+ 2008-10-16 18:12 . 2008-10-16 18:12 561688 c:\windows\SoftwareDistribution\SelfUpdate\Default\wuapi.dll
+ 2008-10-16 18:13 . 2008-10-16 18:13 1809944 c:\windows\SoftwareDistribution\SelfUpdate\Default\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-12-02 14:13 394680 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-12-18 50528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-04 344064]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-02-07 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-05 185784]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-7-6 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-7-6 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Kathy\\My Documents\\All Mom's Stuff\\Dell Progs\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dell\\Media Experience\\PCMService.exe"=
"c:\\Program Files\\Apoint\\Apoint.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/26/2007 7:27 PM 24652]
S2 Windows IPSEC Monitor;Windows IPSEC Monitor;c:\windows\system32\test12.exe [1/17/2008 7:40 PM 21504]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [2/22/2008 5:01 PM 311112]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-06-30 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (POWERHOUSE-Kathy).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-03-18 23:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1a84989c-e083-4a5d-bd8f-857127a99ec2} - (no file)
BHO-{645d0c7e-ed58-4794-8919-312f43261aeb} - (no file)
BHO-{86C984C9-AAA6-414E-9370-C0CF070DE00F} - (no file)
BHO-{A1CBCCEA-D995-4C17-B660-9265A99C3895} - (no file)
Notify-jkkJBTKD - jkkJBTKD.dll


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = mihproxy.broward.k12.fl.us:8888
uInternet Settings,ProxyOverride = web
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 20:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Activities]
@="{653DCCC2-13DB-45B2-A389-427885776CFE}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Buttons]
@="{124597D8-850A-41AE-849C-017A4FA99CA2}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Wheel]
@="{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Wireless]
@="{20082881-FC36-4E47-9A7A-644C95FF749F}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Products\E75939E100E5E5640B3B31E95079FC5A\Usage]
@DACL=(02 0000)
"Main"=dword:2ef90001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\0]
@=""
"*"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\1]
@=""
"http"=dword:00000000
"https"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\2]
@=""
"*"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\3]
@=""
"http"=dword:00000000
"https"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\4]
@=""
"http"=dword:00000000
"https"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3084)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UStorSrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\McAfee.com\Shared\mghtml.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\dllhost.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-06-30 20:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-30 00:14
ComboFix2.txt 2009-06-29 21:41
ComboFix3.txt 2009-06-29 19:02
ComboFix4.txt 2009-06-28 23:18

Pre-Run: 65,417,535,488 bytes free
Post-Run: 64,858,402,816 bytes free

215 --- E O F --- 2008-04-10 10:19
WIZARD6 is offline  
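
Added example, not part of the original posts and not ComboFix's own code: a Python cross-check of the CFScript from post #41 against the log posted in #47, confirming that each `Collect::` file was zipped, each `Folder::` entry appears under "Other Deletions", and the Run values marked `=-` are no longer listed. The embedded script and log are excerpts copied from the thread; the function names and the section-parsing rules are assumptions based only on the text shown here.

```python
import re

# Excerpt of the CFScript from post #41 (values copied from the thread).
CFSCRIPT = r"""
Folder::
c:\Program Files\Bat
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a05e3bc3"=-
"gizutalovu"=-
Collect::
c:\windows\system32\wogiregu.dll
c:\windows\system32\jkkJBTKD.dll
c:\windows\system32\rapevivo.dll
c:\windows\system32\wogiregu.dll
c:\documents and settings\Kathy\Start Menu\Programs\Startup\Bat - Auto Update.lnk
"""

# Excerpt of the ComboFix log from post #47 (values copied from the thread).
LOG = r"""
file zipped: c:\documents and settings\Kathy\Start Menu\Programs\Startup\Bat - Auto Update.lnk
file zipped: c:\windows\system32\jkkJBTKD.dll
file zipped: c:\windows\system32\rapevivo.dll
file zipped: c:\windows\system32\wogiregu.dll
((((((((((( Other Deletions )))))))))))
c:\program files\Bat
c:\program files\Bat\Bat.exe
(((((((((( Reg Loading Points ))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")   # e.g. "Collect::"
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # e.g. "(((( Other Deletions ))))"

def parse_cfscript(text):
    """Group script lines under their 'Name::' directive (lower-cased)."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = DIRECTIVE.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections

def value_deletions(lines):
    """Return (key, name) for each '"name"=-' line under a [key] header."""
    key, out = None, []
    for line in lines:
        if line.startswith("["):
            key = line.strip("[]").lstrip("-").lower()
        else:
            m = re.match(r'^"([^"]+)"=-$', line)
            if m and key:
                out.append((key, m.group(1).lower()))
    return out

def parse_log(text):
    """Collect zipped files, 'Other Deletions' paths and listed registry values."""
    zipped, deleted, values = set(), set(), set()
    section = key = None
    for line in map(str.strip, text.splitlines()):
        banner = BANNER.match(line)
        if banner:
            section, key = banner.group(1).lower(), None
        elif line.lower().startswith("file zipped:"):
            zipped.add(line.split(":", 1)[1].strip().lower())
        elif section == "other deletions" and line not in ("", "."):
            deleted.add(line.lower())
        elif section == "reg loading points" and line.startswith("["):
            key = line.strip("[]").lower()
        elif section == "reg loading points" and key:
            m = re.match(r'^"([^"]+)"=', line)
            if m:
                values.add((key, m.group(1).lower()))
    return zipped, deleted, values

def audit(script_text, log_text):
    """Report script requests that the log does not confirm."""
    script = parse_cfscript(script_text)
    zipped, deleted, values = parse_log(log_text)
    collect = [p.lower() for p in script.get("collect", [])]
    folders = [f.lower() for f in script.get("folder", [])]
    removed = value_deletions(script.get("registry", []))
    return {
        "duplicate_collect": sorted({p for p in collect if collect.count(p) > 1}),
        "collect_not_zipped": [p for p in dict.fromkeys(collect) if p not in zipped],
        "folders_not_deleted": [f for f in folders if f not in deleted],
        "values_still_listed": [kv for kv in removed if kv in values],
    }

if __name__ == "__main__":
    for check, findings in audit(CFSCRIPT, LOG).items():
        print(f"{check}: {findings or 'none'}")
```
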
Old 06-29-2009, 06:35 PM   #48 (permalink)
tetonbob


Re: Dell imspiron 9300 spyware doctor problem

Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\ComboFix-quarantined-files.txt

Post the contents of the logfile which will open.
tetonbob is offline
Old 06-29-2009, 06:43 PM   #49 (permalink)
WIZARD6


Re: Dell imspiron 9300 spyware doctor problem

2009-06-30 00:13:06 . 2009-06-30 00:13:06 498 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-jkkJBTKD.reg.dat
2009-06-30 00:12:47 . 2009-06-30 00:12:47 157 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{1a84989c-e083-4a5d-bd8f-857127a99ec2}.reg.dat
2009-06-30 00:02:54 . 2009-06-30 00:02:54 5,336 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_jkkJBTKD_.dll.zip
2009-06-29 23:49:02 . 2009-06-29 23:49:04 116,208 ----a-w- C:\Qoobox\Quarantine\[4]-Submit_2009-06-29_19.48.54.zip
2009-06-29 23:22:08 . 2009-06-29 23:22:13 236,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcDTkkK.dll.vir
2009-06-29 21:59:31 . 2009-06-29 21:59:33 236,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\khfDuTJa.dll.vir
2009-06-29 20:54:03 . 2009-06-29 20:54:05 236,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\efcAtUOE.dll.vir
2009-06-29 19:54:02 . 2009-06-29 19:54:05 236,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\yayVLfEW.dll.vir
2009-06-29 18:59:13 . 2009-06-29 18:59:13 152 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CPMa36d085f.reg.dat
2009-06-29 18:59:13 . 2009-06-29 18:59:13 174 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-96883746.reg.dat
2009-06-29 18:59:13 . 2009-06-29 18:59:13 174 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-16873754.reg.dat
2009-06-29 18:58:53 . 2009-06-30 00:12:48 157 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{A1CBCCEA-D995-4C17-B660-9265A99C3895}.reg.dat
2009-06-29 18:53:56 . 2009-06-29 18:53:58 236,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\vtUkhffF.dll.vir
2009-06-29 18:35:05 . 2009-06-29 18:35:05 2,500 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_sopidkc.reg.dat
2009-06-29 18:35:00 . 2009-06-29 18:35:00 816 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SOPIDKC.reg.dat
2009-06-29 18:34:59 . 2009-06-29 18:34:59 806 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_MSNCACHE.reg.dat
2009-06-29 15:15:18 . 2009-06-29 15:15:18 1,074 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Kathy\Start Menu\Programs\System Security\System Security 2009 Support.lnk.vir
2009-06-29 15:15:18 . 2009-06-29 15:15:18 1,871 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Kathy\Start Menu\Programs\System Security\System Security 2009.lnk.vir
2009-06-29 15:15:18 . 2009-06-29 15:15:18 1,859 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Kathy\Desktop\System Security 2009.lnk.vir
2009-06-29 14:14:49 . 2009-06-29 14:14:49 49,152 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ckjwgnap.dll.vir
2009-06-29 14:14:24 . 2009-06-29 14:46:16 1,406,748 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\asubinov.ini.vir
2009-06-29 01:34:31 . 2009-06-29 17:34:55 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\16873754\pc16873754ins.vir
2009-06-29 01:34:31 . 2009-06-29 17:26:10 56 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\16873754\pc16873754cnf.vir
2009-06-28 23:14:03 . 2009-06-28 23:14:07 136 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKU-Default-Run-ntuser.reg.dat
2009-06-28 23:13:37 . 2009-06-28 23:13:38 151 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-BMa36d085f.reg.dat
2009-06-28 23:13:26 . 2009-06-28 23:13:29 149 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-a05e3bc3.reg.dat
2009-06-28 23:13:23 . 2009-06-28 23:13:26 140 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-autoload.reg.dat
2009-06-28 23:13:20 . 2009-06-28 23:13:22 135 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ntuser.reg.dat
2009-06-28 23:13:14 . 2009-06-28 23:13:19 190 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-runner1.reg.dat
2009-06-28 23:13:10 . 2009-06-28 23:13:41 1,406,730 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\abapaweg.ini.vir
2009-06-28 23:12:35 . 2009-06-28 23:12:35 143 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-VnrBlock20.reg.dat
2009-06-28 23:12:35 . 2009-06-28 23:12:35 140 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-GetPack20.reg.dat
2009-06-28 23:12:35 . 2009-06-28 23:12:35 146 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-GetModule21.reg.dat
2009-06-28 23:12:35 . 2009-06-28 23:12:35 139 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-autoload.reg.dat
2009-06-28 23:12:34 . 2009-06-28 23:12:35 134 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-ntuser.reg.dat
2009-06-28 23:12:26 . 2009-06-30 00:12:48 157 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{86C984C9-AAA6-414E-9370-C0CF070DE00F}.reg.dat
2009-06-28 23:12:22 . 2009-06-30 00:12:47 201 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{645d0c7e-ed58-4794-8919-312f43261aeb}.reg.dat
2009-06-28 23:09:47 . 2009-06-28 16:39:18 155,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tpsaxyd.exe.vir
2009-06-28 23:09:46 . 2009-06-21 14:22:58 8 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\comsa32.sys.vir
2009-06-28 23:09:30 . 2009-06-28 23:09:30 61,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Manson\liser.exe.vir
2009-06-28 23:09:30 . 2009-06-29 17:26:28 24,576 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Manson\liser.dll.vir
2009-06-28 23:07:01 . 2009-06-28 23:07:02 49,152 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cgbpffhx.dll.vir
2009-06-28 2319 . 2009-06-28 2319 64,784 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\16873754\16873754.glu.vir
2009-06-28 2319 . 2009-06-28 2319 46,117 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\96883746\96883746.exe.vir
2009-06-28 2319 . 2009-06-28 2319 637,477 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\16873754\16873754.exe.vir
2009-06-28 23:04:01 . 2009-06-29 17:33:40 1,638 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\MWHNmUtv.ini2.vir
2009-06-28 23:03:59 . 2009-06-29 17:34:57 1,638 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\MWHNmUtv.ini.vir
2009-06-28 23:03:52 . 2009-06-28 23:03:54 236,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\vtUmNHWM.dll.vir
2009-06-28 22:51:37 . 2009-06-28 22:51:37 529,496 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_ssqOIYRK_.dll.zip
2009-06-28 22:46:32 . 2009-06-28 22:46:32 2,656 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_BTYB.reg.dat
2009-06-28 22:46:32 . 2009-06-28 22:46:32 1,014 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BTYB.reg.dat
2009-06-28 22:45:51 . 2009-06-28 22:45:51 2,746 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_MsSecurity1.209.4.reg.dat
2009-06-28 22:45:50 . 2009-06-28 22:45:50 1,148 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_MSSECURITY1.209.4.reg.dat
2009-06-28 22:45:03 . 2009-06-29 23:59:23 9,181 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-06-28 21:52:14 . 2009-06-30 00:02:54 1,139 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-03-29 14:14:22 . 2009-03-29 14:14:22 49,152 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\zohewigu.dll.vir
Old 06-29-2009, 06:50 PM   #50 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,721
OS: 2000 Pro; XP Pro; XP Home


Re: Dell imspiron 9300 spyware doctor problem

Great! You're doing fine...

We have more work to do....
  • Please visit this site:

    http://www.bleepingcomputer.com/subm....php?channel=4

  • In the "Link to topic where this file was requested:" area, copy and paste this

    http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/389560-dell-imspiron-9300-spyware-doctor-problem-2.html#post2214546

  • In the "Browse to the file you want to submit:" area, copy and paste this

    C:\Qoobox\Quarantine\[4]-Submit_2009-06-29_19.48.54.zip


  • Then click Send File.
  • Once it shows:
    Quote:
    Your file was successfully submitted. Please let the user helping you know that you have submitted the file.
  • Close the site and continue with the steps below.

I missed a couple items. We need to run ComboFix once again. It's best run in Normal mode. If you run into trouble with McAfee, run the script in Safe Mode.

Please disable McAfee using the previous instruction, or it will interfere with ComboFix.

McAfee:

Double-click the taskbar icon to open the Security Center
Click Advanced Menu (lower left)
Click Configure (left)
Click Computer & Files (upper left)
VirusScan can be disabled on the right, and set when it should resume (30 minutes should be sufficient) or you choose Never, and re-enable manually after ComboFix has completed its tasks.



Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    File::
    c:\windows\system32\test12.exe
    c:\windows\system32\borababu.dll
    Folder::
    c:\program files\Manson
    Driver::
    Windows IPSEC Monitor

    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe


  3. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  4. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  5. Ensure your AntiVirus and AntiSpyware applications are re-enabled.



    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 06-29-2009, 07:17 PM   #51 (permalink)
Registered User
 
WIZARD6's Avatar
 
Join Date: May 2009
Posts: 118
OS: win xp


Re: Dell imspiron 9300 spyware doctor problem

went to the web site copy and paste first one in the link to topic.
can't get the other one to copy and paste in the browse to the file -- in the little box right
Old 06-29-2009, 07:26 PM   #52 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,721
OS: 2000 Pro; XP Pro; XP Home


Re: Dell imspiron 9300 spyware doctor problem

Yes, that's right. Looks like this:



If you can't copy/paste, you can use the Browse button, which opens an Explorer-type window. You could then navigate to the file location: click first on My Computer, then in the right-hand pane, C drive, then look for Qoobox, then Quarantine, then the file, [4]-Submit_2009-06-29_19.48.54.zip, and then click on Open, then Send.
Old 06-29-2009, 07:58 PM   #53 (permalink)
Registered User
 
WIZARD6's Avatar
 
Join Date: May 2009
Posts: 118
OS: win xp


Re: Dell imspiron 9300 spyware doctor problem

click the browse my computer then c drive then Qoobox then Quarantine, then the file right click -- click open don't see send -- lost
Old 06-29-2009, 08:02 PM   #54 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,721
OS: 2000 Pro; XP Pro; XP Home


Re: Dell imspiron 9300 spyware doctor problem

Hi -

then the file, [4]-Submit_2009-06-29_19.48.54.zip and then click on Open

Don't right click the file...just highlight it, single left click. Then Click Open in the Explorer-type window. This should put the file path into that box I have the red arrow in. Next, click on Send File, where I have the second red arrow.
Old 06-29-2009, 08:40 PM   #55 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,721
OS: 2000 Pro; XP Pro; XP Home


Re: Dell imspiron 9300 spyware doctor problem

Good job, thanks. The file was successfully uploaded. Waiting now on the next ComboFix log.
Old 06-29-2009, 08:42 PM   #56 (permalink)
Registered User
 
WIZARD6's Avatar
 
Join Date: May 2009
Posts: 118
OS: win xp


Re: Dell imspiron 9300 spyware doctor problem

think i got it,

it says:
malware submission.
your file was successfully submitted. please let the user helping you know you have submitted the file.

how do i let them know
Old 06-29-2009, 08:44 PM   #57 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,721
OS: 2000 Pro; XP Pro; XP Home


Re: Dell imspiron 9300 spyware doctor problem

You just did.

Thanks. Now waiting on the next ComboFix log
Old 06-29-2009, 08:57 PM   #58 (permalink)
Registered User
 
WIZARD6's Avatar
 
Join Date: May 2009
Posts: 118
OS: win xp


Re: Dell imspiron 9300 spyware doctor problem

dragged the new Quote on the desktop to combo fix and it's running
Old 06-29-2009, 09:20 PM   #59 (permalink)
Registered User
 
WIZARD6's Avatar
 
Join Date: May 2009
Posts: 118
OS: win xp


Re: Dell imspiron 9300 spyware doctor problem

ComboFix 09-06-29.02 - Kathy 06/29/2009 22:55.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.200 [GMT -4:00]
Running from: c:\documents and settings\Kathy\Desktop\cbfix.exe
Command switches used :: c:\documents and settings\Kathy\Desktop\cfscript.txt-2.txt
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FILE ::
"c:\windows\system32\borababu.dll"
"c:\windows\system32\test12.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Manson
c:\windows\system32\borababu.dll
c:\windows\system32\test12.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_IPSEC_MONITOR
-------\Service_Windows IPSEC Monitor


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-30 00:40 . 2009-06-30 01:29 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-06-30 00:20 . 2006-02-15 00:22 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2009-06-30 00:20 . 2004-11-16 22:03 108791 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2009-06-30 00:20 . 2004-08-04 11:00 60800 ----a-w- c:\windows\system32\drivers\arp1394.sys
2009-06-30 00:20 . 2004-08-04 11:00 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2009-06-28 23:14 . 2009-06-28 23:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-28 20:19 . 2009-06-28 20:19 -------- d-----w- c:\program files\trend micro
2009-06-28 20:19 . 2009-06-28 20:19 -------- d-----w- C:\rsit
2009-06-28 16:55 . 2009-06-28 16:55 -------- d-sh--w- c:\documents and settings\Kathy\IECompatCache
2009-06-28 16:55 . 2009-06-28 16:55 -------- d-sh--w- c:\documents and settings\Kathy\PrivacIE
2009-06-28 16:43 . 2009-06-28 16:43 -------- d-sh--w- c:\documents and settings\Kathy\IETldCache
2009-06-28 16:10 . 2009-06-28 16:12 -------- dc-h--w- c:\windows\ie8
2009-06-28 05:17 . 2009-06-28 05:17 -------- d-----w- c:\documents and settings\Kathy\Application Data\AOL
2009-06-28 05:17 . 2009-06-28 06:29 4096 ----a-w- c:\documents and settings\All Users\Application Data\AOL\C_America Online 9.0\DialReg.exe
2009-06-27 02:52 . 2009-01-27 18:53 118784 ----a-w- c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.9.0\ThemesV3\Default\features\Amazon\core\PersonalizationWrapper.dll
2009-06-27 02:52 . 2009-01-27 18:53 118784 ----a-w- c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.9.0\ThemesV3\Windows\features\Amazon\core\PersonalizationWrapper.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 22:10 . 2005-03-18 18:25 -------- d-----w- c:\program files\McAfee.com
2009-06-28 17:53 . 2005-04-24 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2009-06-28 05:04 . 2008-02-22 21:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
.

((((((((((((((((((((((((((((( SnapShot@2009-06-28_23.00.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-26 08:16 . 2008-10-16 18:09 43544 c:\windows\system32\wups2.dll
+ 2005-03-23 21:04 . 2008-10-16 18:08 34328 c:\windows\system32\wups.dll
+ 2004-08-11 23:12 . 2008-10-16 18:09 51224 c:\windows\system32\wuauclt.exe
+ 2009-06-30 00:22 . 2008-10-16 18:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2009-06-30 00:22 . 2008-10-16 18:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2005-03-23 21:04 . 2008-10-16 18:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2004-08-11 23:12 . 2008-10-16 18:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-11 23:00 . 2008-10-16 18:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-11 23:00 . 2008-10-16 18:09 92696 c:\windows\system32\cdm.dll
+ 2004-08-11 23:12 . 2008-10-16 18:13 202776 c:\windows\system32\wuweb.dll
+ 2004-08-11 23:12 . 2008-10-16 18:12 323608 c:\windows\system32\wucltui.dll
+ 2004-08-11 23:12 . 2008-10-16 18:12 561688 c:\windows\system32\wuapi.dll
+ 2004-08-11 23:12 . 2008-10-16 18:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-11 23:12 . 2008-10-16 18:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-11 23:12 . 2008-10-16 18:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2004-08-11 23:12 . 2008-10-16 18:13 1809944 c:\windows\system32\wuaueng.dll
+ 2004-08-11 23:12 . 2008-10-16 18:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-12-02 14:13 394680 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-12-18 50528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-04 344064]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-02-07 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-05 185784]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-7-6 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-7-6 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Kathy\\My Documents\\All Mom's Stuff\\Dell Progs\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dell\\Media Experience\\PCMService.exe"=
"c:\\Program Files\\Apoint\\Apoint.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/26/2007 7:27 PM 24652]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [2/22/2008 5:01 PM 311112]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-06-30 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (POWERHOUSE-Kathy).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-03-18 23:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1a84989c-e083-4a5d-bd8f-857127a99ec2} - (no file)
BHO-{645d0c7e-ed58-4794-8919-312f43261aeb} - (no file)
BHO-{86C984C9-AAA6-414E-9370-C0CF070DE00F} - (no file)
BHO-{A1CBCCEA-D995-4C17-B660-9265A99C3895} - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = mihproxy.broward.k12.fl.us:8888
uInternet Settings,ProxyOverride = web
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 23:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Activities]
@="{653DCCC2-13DB-45B2-A389-427885776CFE}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Buttons]
@="{124597D8-850A-41AE-849C-017A4FA99CA2}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Wheel]
@="{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Wireless]
@="{20082881-FC36-4E47-9A7A-644C95FF749F}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Products\E75939E100E5E5640B3B31E95079FC5A\Usage]
@DACL=(02 0000)
"Main"=dword:2ef90001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\0]
@=""
"*"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\1]
@=""
"http"=dword:00000000
"https"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\2]
@=""
"*"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\3]
@=""
"http"=dword:00000000
"https"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\4]
@=""
"http"=dword:00000000
"https"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3768)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UStorSrv.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\McAfee.com\Shared\mghtml.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\dllhost.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-06-30 23:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-30 03:15
ComboFix2.txt 2009-06-30 00:15
ComboFix3.txt 2009-06-29 21:41
ComboFix4.txt 2009-06-29 19:02
ComboFix5.txt 2009-06-30 02:53

Pre-Run: 63,976,755,200 bytes free
Post-Run: 63,966,531,584 bytes free

215 --- E O F --- 2008-04-10 10:19
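One way to check the log above against the CFScript.txt from post #50, so that every file, folder and driver the script named is confirmed as removed. This is an added example, not part of the original posts or of ComboFix; the function names are hypothetical, and the parsing assumes only the `Name::` blocks and the parenthesised section banners as they appear in this thread.

```python
import re

# CFScript.txt exactly as posted in this thread.
CFSCRIPT = r"""File::
c:\windows\system32\test12.exe
c:\windows\system32\borababu.dll
Folder::
c:\program files\Manson
Driver::
Windows IPSEC Monitor
"""

# Two sections copied from the ComboFix log in this thread (banners shortened).
LOG_EXCERPT = r"""((((((((( Other Deletions )))))))))
.

c:\program files\Manson
c:\windows\system32\borababu.dll
c:\windows\system32\test12.exe

.
((((((((( Drivers/Services )))))))))
.

-------\Legacy_WINDOWS_IPSEC_MONITOR
-------\Service_Windows IPSEC Monitor

((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))
.
"""

DIRECTIVE = re.compile(r"^(\w+)::$")            # e.g. "File::"
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")     # e.g. "((( Other Deletions )))"


def split_sections(text, header):
    """Group non-empty lines under the most recent header match (lower-cased)."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        match = header.match(line)
        if match:
            current = sections.setdefault(match.group(1).lower(), [])
        elif current is not None and line not in ("", "."):
            current.append(line)
    return sections


def service_key(name):
    """Normalise a service name: drop Legacy_/Service_, unify spaces/underscores."""
    name = re.sub(r"^(legacy|service)_", "", name, flags=re.I)
    return re.sub(r"[\s_]+", "_", name).lower()


def unconfirmed(script_text, log_text):
    """Return script entries that the log does not list as removed."""
    script = split_sections(script_text, DIRECTIVE)
    log = split_sections(log_text, BANNER)
    deleted = {path.lower() for path in log.get("other deletions", [])}
    # Log lines look like "-------\Service_<name>"; keep the part after the backslash.
    services = {service_key(line.split("\\", 1)[-1])
                for line in log.get("drivers/services", [])}
    missing = [p for kind in ("file", "folder")
               for p in script.get(kind, []) if p.lower() not in deleted]
    missing += [d for d in script.get("driver", [])
                if service_key(d) not in services]
    return missing


if __name__ == "__main__":
    print(unconfirmed(CFSCRIPT, LOG_EXCERPT) or "all script entries confirmed removed")
```

An empty result means the log accounts for every entry in the script; anything returned is an item to raise with the helper before moving on.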
Old 06-29-2009, 09:23 PM   #60 (permalink)
Registered User
 
WIZARD6's Avatar
 
Join Date: May 2009
Posts: 118
OS: win xp


Re: Dell imspiron 9300 spyware doctor problem

5. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
not sure how to do this
All times are GMT -7. The time now is 01:33 PM.


