Computer Randomly Shut Down

02-05-2010, 07:18 PM   #1
Guest
Join Date: Aug 2009
Posts: 2



My computer was working fine this morning, then, about 10 hours later (without touching it, but keeping it on and connected to the internet) it wouldn't let any programs open up. I restarted the computer but all it did was show my wallpaper in grayscale (if I chose AutoRepair) or a black screen (not BSOD) if I chose to start up normally. The way I got it to start working again was pretty random - I popped out my disc tray while on the black screen and it worked. I thought the disc might be the problem so I tried booting without the disc, didn't work. I swapped out disc drives and it also didn't work, so I guess it was dumb luck.

I did a MalwareBytes scan and found nothing, then M Security Essentials found a file called Pasur!rts (at least according to Microsoft). It couldn't be removed but could be quarantined. I then just went on the internet, hoping things were fixed. But then it just randomly shut down and I got a Blue Screen saying it auto shutdown to help me (or something like that).

It's been a few hours since, and I just want to be sure I'm good to go.

Here's a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:23 PM, on 2/5/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
E:\mri.exe
E:\Malware\Utilities\Trend Micro\HijackThis\HIJACKTHIS V2.0.2.EXE
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Logitech Touch Mouse Server.lnk = C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
O9 - Extra button: YouTubeDriver - Download YouTube Videos - {4e6dcd69-01a4-40b6-ac78-8109fe153a4c} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Unknown owner - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe (file missing)
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Unknown owner - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6852 bytes



______________________________________________________
And the logs that were created from ComboFix

ComboFix 10-02-05.02 - Matt 02/05/2010 20:54:51.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1775 [GMT -5:00]
Running from: c:\users\Matt\Documents\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1532231638-4276550316-755594148-500
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
C:\install.exe
c:\program files\Cheat Engine\dbk32.sys
c:\users\Matt\AppData\Roaming\.#
c:\users\Matt\AppData\Roaming\.#\[email protected]@1CB28D8.###
c:\users\Matt\AppData\Roaming\.#\[email protected]@1CB2908.###
c:\users\Matt\AppData\Roaming\.#\[email protected]@1CB2938.###
c:\users\Matt\AppData\Roaming\.#\[email protected]@1F328D8.###
c:\users\Matt\AppData\Roaming\.#\[email protected]@1F32908.###
c:\users\Matt\AppData\Roaming\.#\[email protected]@1F32938.###
c:\users\Matt\AppData\Roaming\.#\[email protected]@2A28D8.###
c:\users\Matt\AppData\Roaming\.#\[email protected]@2A2908.###
c:\users\Matt\AppData\Roaming\.#\[email protected]@2A2938.###
c:\windows\patchw.dll
c:\windows\system32\oem4.inf

.
((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.

2010-02-06 02:00 . 2010-02-06 02:01 -------- d-----w- c:\users\Matt\AppData\Local\temp
2010-02-06 02:00 . 2010-02-06 02:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-06 00:24 . 2009-12-15 16:24 293376 ----a-w- c:\users\Matt\gmer.exe
2010-02-05 20:14 . 2010-02-05 20:14 -------- d-----w- c:\program files\Logitech Touch Mouse Server
2010-02-05 14:10 . 2010-02-05 14:10 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-02-05 12:17 . 2010-02-05 12:17 272384 ----a-w- c:\users\Matt\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
2010-02-05 12:17 . 2010-02-05 12:17 196608 ----a-w- c:\users\Matt\AppData\Roaming\Acreon\WowMatrix\Libraries\wmweb.dll
2010-02-05 12:17 . 2010-02-05 12:17 258048 ----a-w- c:\users\Matt\AppData\Roaming\Acreon\WowMatrix\Libraries\wmzip.dll
2010-02-05 12:16 . 2010-02-05 12:16 -------- d-----w- c:\users\Matt\AppData\Roaming\Acreon
2010-02-05 12:16 . 2010-02-05 20:21 -------- d-----w- c:\users\Matt\AppData\Local\._Revolution_
2010-01-31 20:22 . 2010-01-31 20:22 -------- d-----w- c:\users\Matt\AppData\Local\Apps
2010-01-31 20:22 . 2010-02-05 20:17 -------- d-----w- c:\users\Matt\AppData\Local\Deployment
2010-01-29 12:25 . 2010-01-29 12:25 -------- d-----w- c:\windows\system32\Futuremark
2010-01-29 12:25 . 2007-08-20 16:05 27672 ----a-w- c:\windows\system32\drivers\Entech.sys
2010-01-29 12:25 . 2010-01-29 12:25 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-01-25 19:36 . 2009-08-06 16:54 77824 ----a-w- c:\users\Matt\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogoAnimations\Digits.tla.dll
2010-01-25 19:36 . 2009-08-06 16:54 2899968 ----a-w- c:\users\Matt\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\Asightforsoreeyes.tls.dll
2010-01-25 19:28 . 2009-12-18 05:14 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-25 19:28 . 2009-12-18 05:09 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-01-25 19:28 . 2009-12-18 05:08 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-25 19:28 . 2010-01-25 19:28 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-25 19:03 . 2010-01-25 19:03 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-25 18:55 . 2009-06-27 17:26 3787264 ----a-w- c:\users\Matt\nero9keygen.exe
2010-01-25 18:53 . 2010-01-25 18:53 -------- d-----w- c:\users\Matt\AppData\Roaming\Nero
2010-01-25 18:06 . 2010-01-25 18:15 -------- d-----w- c:\program files\Nero
2010-01-25 18:05 . 2010-01-25 18:15 -------- d-----w- c:\program files\Common Files\Nero
2010-01-25 18:05 . 2010-01-25 18:10 -------- d-----w- c:\programdata\Nero
2010-01-25 17:41 . 2010-01-25 18:06 -------- d-----w- c:\users\Matt\AppData\Roaming\ImgBurn
2010-01-25 17:33 . 2010-01-25 17:33 -------- d-----w- c:\program files\ImgBurn
2010-01-25 17:30 . 2006-12-01 23:26 57856 -c--a-w- c:\programdata\{66E2F539-12B6-4870-A500-7689CDE75C5E}\Windows\winsxs\7z1v718o.6n8\mfcm80u.dll
2010-01-23 20:20 . 2010-01-23 20:20 -------- d-----w- c:\windows\system32\Adobe
2010-01-14 21:52 . 2010-01-14 21:52 3016192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{252205FB-6F9E-B498-6C0D-E641EC25136E}-ZeroGearServer.exe
2010-01-14 21:50 . 2010-01-14 21:50 4917760 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{06F86104-CA1D-E770-D976-44336E78021C}-ZeroGear.exe
2010-01-14 21:45 . 2010-01-14 21:45 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-14 21:45 . 2010-01-14 21:45 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-14 21:45 . 2010-01-14 21:45 -------- d-----w- c:\program files\OpenAL
2010-01-13 00:34 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 00:34 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-09 14:01 . 2010-01-09 13:57 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-09 13:58 . 2010-01-09 13:57 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-09 13:55 . 2010-01-09 13:55 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-01-09 13:55 . 2009-01-18 21:43 2892112 -c--a-w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2010-01-09 13:55 . 2010-01-09 13:58 -------- d-----w- c:\programdata\Lavasoft
2010-01-09 13:55 . 2010-01-09 13:55 -------- d-----w- c:\program files\Lavasoft
2010-01-09 05:34 . 2010-01-09 05:34 -------- d-----w- c:\users\Matt\AppData\Roaming\TrojanHunter
2010-01-09 03:12 . 2010-01-09 03:12 -------- d-----w- c:\program files\TrojanHunter 5.0
2010-01-09 03:12 . 2010-01-09 03:12 -------- d-----w- c:\programdata\Geek Squad
2010-01-09 01:32 . 2010-01-24 09:19 -------- d-----w- c:\users\Matt\AppData\Local\actklw
2010-01-09 01:32 . 2010-01-24 09:19 -------- d-----w- c:\users\Matt\AppData\Local\hhitwr
2010-01-08 03:29 . 2010-02-06 00:29 -------- d-----w- c:\users\Matt\AppData\Roaming\uTorrent
2010-01-08 01:35 . 2010-01-08 01:35 -------- d-----w- c:\programdata\ATI
2010-01-08 01:30 . 2010-01-08 01:30 10134 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{A2D08D5A-74E8-7509-452A-E40E63D8FFC2}\ARPPRODUCTICON.exe
2010-01-08 01:24 . 2010-01-08 01:24 193824 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2010-01-08 00:56 . 2009-08-19 19:58 53248 ----a-w- c:\users\Matt\AppData\Roaming\TuneUp Software\TuneUp Utilities\StartUp Manager\Disabled objects\Motrix Universal Server.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 02:00 . 2009-09-02 23:07 -------- d-----w- c:\program files\Cheat Engine
2010-02-05 14:36 . 2009-08-05 20:04 1356 ----a-w- c:\users\Matt\AppData\Local\d3d9caps.dat
2010-02-05 12:10 . 2009-08-24 13:57 -------- d-----w- c:\users\Matt\AppData\Roaming\LimeWire
2010-01-30 14:18 . 2009-10-05 23:59 380 ----a-w- c:\users\Matt\AppData\Roaming\wklnhst.dat
2010-01-29 12:25 . 2008-12-13 17:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-26 18:00 . 2009-08-06 20:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-25 20:14 . 2009-09-30 17:00 -------- d-----w- c:\program files\Sony
2010-01-25 19:27 . 2009-08-06 02:44 -------- d-----w- c:\programdata\TuneUp Software
2010-01-25 17:47 . 2009-09-08 16:42 -------- d-----w- c:\program files\uTorrent
2010-01-25 17:32 . 2010-01-25 17:31 -------- d-----w- c:\programdata\DriverScanner
2010-01-25 17:31 . 2010-01-25 17:30 -------- dc-h--w- c:\programdata\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2010-01-25 17:31 . 2010-01-25 17:31 -------- d-----w- c:\users\Matt\AppData\Roaming\Uniblue
2010-01-25 17:31 . 2010-01-25 17:31 -------- d-----w- c:\program files\Uniblue
2010-01-23 07:51 . 2009-08-05 23:16 -------- d-----w- c:\program files\Steam
2010-01-19 00:59 . 2009-11-26 16:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-16 20:52 . 2009-10-04 19:26 -------- d-----w- c:\programdata\Microsoft Help
2010-01-16 20:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-14 16:12 . 2009-10-19 11:24 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 03:32 . 2010-01-25 17:31 2653048 -c--a-w- c:\programdata\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
2010-01-09 18:34 . 2010-01-06 23:01 -------- d-----w- c:\program files\VBA
2010-01-09 14:53 . 2009-08-05 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-09 14:41 . 2009-09-02 20:05 -------- d-----w- c:\program files\oovootb
2010-01-08 01:33 . 2009-08-05 20:22 -------- d-----w- c:\program files\ATI
2010-01-08 01:33 . 2009-08-05 20:22 -------- d-----w- c:\program files\ATI Technologies
2010-01-08 01:23 . 2009-10-04 19:27 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-01-08 01:23 . 2009-10-04 19:26 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-01-07 21:07 . 2009-08-05 20:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-08-05 20:42 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 13:05 . 2009-12-25 01:55 137540 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-04 12:03 . 2010-01-04 12:03 -------- d--h--r- c:\users\Matt\AppData\Roaming\SecuROM
2010-01-03 23:01 . 2009-08-05 20:04 84152 ----a-w- c:\users\Matt\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-03 21:27 . 2009-08-31 01:09 -------- d-----w- c:\users\Matt\AppData\Roaming\GetRightToGo
2010-01-02 06:38 . 2010-01-22 02:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 02:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 02:54 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 02:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-30 23:16 . 2009-11-10 01:43 -------- d-----w- c:\program files\Boxee
2009-12-30 04:32 . 2009-12-08 23:55 69 ----a-w- c:\users\Matt\jagex_runescape_preferences2.dat
2009-12-30 04:31 . 2009-12-08 23:55 39 ----a-w- c:\users\Matt\jagex_runescape_preferences.dat
2009-12-30 02:59 . 2009-12-30 02:59 3059744 ----a-w- c:\users\Matt\TheFirm.bin
2009-12-30 02:02 . 2009-12-18 22:20 -------- d-----w- c:\users\Matt\AppData\Roaming\vlc
2009-12-30 02:01 . 2009-12-30 02:00 2912288 ----a-w- c:\users\Matt\Firm.bin.bin
2009-12-28 21:16 . 2009-12-25 01:13 -------- d-----w- c:\users\Matt\AppData\Roaming\Apple Computer
2009-12-28 21:15 . 2009-12-28 21:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-28 21:15 . 2009-09-20 12:33 -------- d-----w- c:\programdata\Apple
2009-12-25 02:06 . 2009-12-25 02:05 -------- d-----w- c:\users\Matt\AppData\Roaming\iSproggler
2009-12-25 01:13 . 2009-12-25 01:11 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 01:13 . 2009-12-25 01:11 -------- d-----w- c:\program files\iTunes
2009-12-25 01:12 . 2009-12-25 01:12 -------- d-----w- c:\program files\iPod
2009-12-25 01:12 . 2009-09-20 12:33 -------- d-----w- c:\program files\Common Files\Apple
2009-12-25 01:11 . 2009-12-25 01:10 -------- d-----w- c:\programdata\Apple Computer
2009-12-25 01:11 . 2009-12-25 01:11 -------- d-----w- c:\program files\Bonjour
2009-12-25 01:10 . 2009-12-25 01:10 -------- d-----w- c:\program files\QuickTime
2009-12-22 19:31 . 2009-12-17 00:05 -------- d-----w- c:\program files\JDownloader
2009-12-22 14:38 . 2009-12-22 14:37 -------- d-----w- c:\program files\Pokemon World Online
2009-12-21 01:22 . 2009-08-08 13:54 -------- d-----w- c:\users\Matt\AppData\Roaming\[email protected]
2009-12-18 22:19 . 2009-12-18 22:19 -------- d-----w- c:\program files\VideoLAN
2009-12-16 22:42 . 2009-12-16 22:41 -------- d-----w- c:\program files\Download Direct
2009-12-16 20:26 . 2009-12-16 20:26 10134 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{B3940EA5-7872-487E-AF15-CF20DBD65F1B}\_8ECC23A7EE16983412592E.exe
2009-12-16 20:26 . 2009-12-16 20:26 10134 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{B3940EA5-7872-487E-AF15-CF20DBD65F1B}\_2E6FA81F66FC2982781BC3.exe
2009-12-16 20:26 . 2009-12-16 20:26 -------- d-----w- c:\program files\Bits N Bytes
2009-12-16 12:10 . 2009-12-16 12:10 10134 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{004C5688-5FB2-4129-8715-FB9325845D33}\_A859C6C54105E1530AD3AE.exe
2009-12-16 12:10 . 2009-12-16 12:10 10134 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{004C5688-5FB2-4129-8715-FB9325845D33}\_489BB0074F09F028DF03C1.exe
2009-12-16 12:10 . 2009-12-16 12:10 -------- d-----w- c:\program files\RapidShare Mass Downloader
2009-12-16 12:06 . 2009-12-16 12:06 -------- d-----w- c:\users\Matt\AppData\Roaming\VitySoft
2009-12-15 03:20 . 2009-12-15 03:20 -------- d-----w- c:\program files\Last.fm
2009-12-12 04:13 . 2009-12-12 04:13 -------- d-----w- c:\program files\Gpotato
2009-12-12 04:08 . 2009-10-02 15:31 -------- d-----w- c:\programdata\PMB Files
2009-12-09 01:30 . 2009-12-08 00:26 -------- d-----w- c:\program files\Project64 1.6
2009-12-08 23:34 . 2009-12-08 23:34 -------- d-----w- c:\programdata\Roblox
2009-12-08 23:34 . 2009-12-08 23:34 -------- d-----w- c:\program files\Roblox
2009-12-08 20:40 . 2009-08-25 22:34 -------- d-----w- c:\program files\Atari
2009-12-08 00:26 . 2009-12-08 00:26 8854 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-12-08 00:26 . 2009-12-08 00:26 40960 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-12-08 00:26 . 2009-12-08 00:26 40960 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-11-30 23:02 . 2009-11-30 23:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 23:02 . 2009-11-30 23:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-26 18:44 . 2009-11-26 18:44 7454 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{C61D7E99-30F5-4D41-B1D9-9E5884D45EC7}\YouTubeDriver.exe_C61D7E9930F54D41B1D99E5884D45EC7.exe
2009-11-26 18:44 . 2009-11-26 18:44 7454 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{C61D7E99-30F5-4D41-B1D9-9E5884D45EC7}\ARPPRODUCTICON.exe
2009-11-26 03:02 . 2009-11-26 02:34 19 ----a-w- c:\windows\popcinfo.dat
2009-11-25 03:51 . 2009-11-25 03:51 5143552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-11-25 03:18 . 2009-11-25 03:18 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-25 03:17 . 2009-11-25 03:17 368640 ----a-w- c:\windows\system32\atieclxx.exe
2009-11-25 03:17 . 2009-11-25 03:17 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-11-25 03:15 . 2008-09-03 02:20 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-11-25 03:15 . 2008-09-03 02:20 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-25 03:15 . 2009-11-25 03:15 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-25 03:15 . 2009-11-25 03:15 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-11-25 03:14 . 2009-11-25 03:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-25 03:12 . 2009-11-25 03:12 3055616 ----a-w- c:\windows\system32\atidxx32.dll
2009-11-25 02:55 . 2008-09-03 02:04 3617792 ----a-w- c:\windows\system32\atiumdag.dll
2009-11-25 02:44 . 2009-11-25 02:44 13487616 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-25 02:37 . 2008-09-03 01:41 2899968 ----a-w- c:\windows\system32\atiumdva.dll
2009-11-25 02:25 . 2009-11-25 02:25 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-25 02:25 . 2009-11-25 02:25 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-25 02:25 . 2009-11-25 02:25 225280 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-25 02:21 . 2009-11-25 02:21 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-25 02:21 . 2009-11-25 02:21 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-25 02:20 . 2009-11-25 02:20 3629056 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-25 02:10 . 2009-11-25 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2008-12-13 19:15 . 2008-12-13 19:14 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Matt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^[email protected]]
path=c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[email protected]
backup=c:\windows\pss\[email protected]
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-01-09 13:57 520024 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSproggler]
2009-03-18 16:16 17694808 ----a-w- c:\users\Matt\Documents\iSproggler\iSproggler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSSInstallation]
2010-01-23 20:20 497016 ----atw- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2010-01-04 04:36 306088 ----a-w- c:\program files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
2008-10-24 18:23 1056928 ----a-w- c:\program files\TrojanHunter 5.0\THGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-01-25 17:47 319280 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Google Update"="c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"RayV"=c:\program files\RayV\RayV\RayV.exe /background
"Grid"="c:\program files\ATI Technologies\HydraVision\HydraGrd.exe"
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Steam"="c:\program files\steam\steam.exe" -silent
"GetGoDM"=c:\program files\GetGo Software\GetGo Download Manager\GetGoDM.exe /minimized:
"DLD.EXE"=c:\program files\Download Direct\DLD.exe
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"RGSC"=c:\program files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe /silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [1/9/2010 8:58 AM 64160]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [11/24/2009 10:17 PM 172032]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [12/18/2009 12:12 AM 1044808]
R3 havabus;HAVA Bus Enumerator;c:\windows\System32\drivers\havabus.sys [1/13/2009 3:44 PM 37376]
R3 HAVATV;Hava Video Device;c:\windows\System32\drivers\HavaTV.sys [4/23/2009 6:49 PM 324224]
R3 HavaTV_10;Hava Remote Video Device;c:\windows\System32\drivers\HavaTV_10.sys [4/23/2009 6:49 PM 324224]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [6/18/2009 6:48 PM 42480]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10/14/2009 7:24 AM 10064]
S2 LiveTurbineMessageService;Turbine Message Service - Live;"c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe" --> c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [?]
S3 havanet;HAVA NDIS Protocol Driver;c:\windows\System32\drivers\havanet.sys [1/13/2009 3:44 PM 20480]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;"c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" --> c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [?]
S4 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/5/2007 5:17 AM 77824]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [9/8/2009 11:42 AM 234888]
S4 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [11/14/2009 1:02 PM 145408]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 7:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [7/10/2008 1:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 7:28 PM 369688]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:57]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1532231638-4276550316-755594148-1000Core.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-06 03:02]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1532231638-4276550316-755594148-1000UA.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-06 03:02]

2010-02-05 c:\windows\Tasks\Install_NSS.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-01-23 20:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q4jnzb7i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q4jnzb7i.default\extensions\[email protected]\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\RayV\RayV\plugins\nprayvplugin.dll
FF - plugin: c:\programdata\RealArcade\npraclient.dll
FF - plugin: c:\users\Matt\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Matt\AppData\Local\HuluDesktop\instances\0.9.10.1\nphdplg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - e:\malware\Utilities\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-02-05 21:01
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1532231638-4276550316-755594148-1000\Software\SecuROM\License information*]
"datasecu"=hex:99,dc,d4,76,ac,5e,e9,1f,68,2c,31,48,04,68,bd,e2,97,93,1a,11,a9,
7f,b6,c6,4c,6d,db,5f,79,05,fc,e6,2c,13,93,1b,39,85,bc,25,37,8e,a7,3e,f7,75,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-02-05 21:03:12
ComboFix-quarantined-files.txt 2010-02-06 02:03

Pre-Run: 29,299,924,992 bytes free
Post-Run: 29,227,638,784 bytes free

- - End Of File - - C75A2F303E43D1C3D5BF1CCF52F6F4BC


_______________________________________


2010-02-06 02:02:22 . 2010-02-06 02:02:22 790 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-HijackThis.reg.dat
2010-02-06 01:59:16 . 2010-02-06 01:59:16 6,226 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-02-06 01:53:59 . 2010-02-06 01:54:51 62 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-10-02 16:07:39 . 2008-09-27 04:00:00 118,176 ----a-w- C:\Qoobox\Quarantine\C\Windows\patchw.dll.vir
2009-09-09 00:45:40 . 2009-09-09 00:45:40 2,048 ----atw- C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\.#\[email protected]@1CB2938.###.vir
2009-09-09 00:45:40 . 2009-09-09 00:45:40 2,048 ----atw- C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\.#\[email protected]@1CB28D8.###.vir
2009-09-09 00:45:40 . 2009-09-09 00:45:40 2,048 ----atw- C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\.#\[email protected]@1CB2908.###.vir
2009-09-08 17:58:12 . 2009-09-08 17:58:12 2,048 ----atw- C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\.#\[email protected]@2A2938.###.vir
2009-09-08 17:58:12 . 2009-09-08 17:58:12 2,048 ----atw- C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\.#\[email protected]@2A28D8.###.vir
2009-09-08 17:58:12 . 2009-09-08 17:58:12 2,048 ----atw- C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\.#\[email protected]@2A2908.###.vir
2009-09-08 17:40:53 . 2009-09-08 17:40:53 2,048 ----atw- C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\.#\[email protected]@1F32938.###.vir
2009-09-08 17:40:53 . 2009-09-08 17:40:53 2,048 ----atw- C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\.#\[email protected]@1F328D8.###.vir
2009-09-08 17:40:53 . 2009-09-08 17:40:53 2,048 ----atw- C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\.#\[email protected]@1F32908.###.vir
2009-09-02 23:07:46 . 2009-01-27 22:43:54 36,096 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Cheat Engine\dbk32.sys.vir
2008-12-13 11:34:37 . 2008-12-13 19:28:52 613,334 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\oem4.inf.vir
2007-11-07 13:03:18 . 2007-11-07 13:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir
Old 02-18-2010, 01:37 AM   #2
TSF Enthusiast
 
Join Date: Sep 2006
Posts: 1,702
OS: xp



Hi Soldier62994,
Are there any current problems?
In the future, do not run ComboFix unless an analyst suggests it, please.