Variant of win32/Kryptic.PQP Back Door Trojan Virus

Started by djthedj, July 04, 2011, 05:47:26 PM


djthedj

Have been doing some investigative work and found:
Libraries/documents/djthedj/appdata/localLow/Sun - Opened this folder, then opened the AU folder, and this is what was listed: jre 1.6.0_.16, jre 1.6.0_.17, jre 1.6.0_.22, (jre 1.6.0_.26_x64) - 3 of the folders (16, 22, 26x64) all have Data1 Cabinet files & Windows Installer packages in them. The 17 folder had gtapi.dll app ext. and izma.dll app ext. I am not sure if all this will be helpful, but I posted it anyway. Also, I have another uninstaller program on my computer - Advanced Uninstaller Pro - if that may help us; however, I do not know if this uninstaller would leave the needed log files.

djthedj

djthedj

Corrine:

I do not have a logon for an administrator acc't - however, I do have djthedj as administrator. I went back and clicked on the Java install package, then right-clicked it, and all it asked was whether I wanted to take ownership - I said yes and tried to reinstall and had the same issue, so I will move on to ComboFix.

Corrine

If you have not moved to ComboFix yet, note: 

I am not familiar with Advanced uninstaller Pro.  However, if you have used it successfully in the past and wish to try it, go ahead and do that before running ComboFix.  Let me know the results and I'll also see what shows in the ComboFix log.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

djthedj

Corrine:
Here is the ComboFix File:

ComboFix 11-07-05.03 - djthedj 07/05/2011  20:59:06.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6135.3995 [GMT -4:00]
Running from: c:\users\djthedj\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\djthedj\AppData\Roaming\Adobe\plugs
c:\users\djthedj\AppData\Roaming\Adobe\shed
c:\users\djthedj\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\users\djthedj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair
c:\users\djthedj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair\Uninstall Windows 7 Repair.lnk
c:\users\djthedj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair\Windows 7 Repair.lnk
c:\users\djthedj\videos\Greeting Card 1.exe
c:\users\djthedj\videos\Greeting Card 2.exe
c:\windows\security\Database\tmp.edb
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2011-06-06 to 2011-07-06  )))))))))))))))))))))))))))))))
.
.
2011-07-06 01:02 . 2011-07-06 01:02   --------   d-----w-   c:\users\RA Media Server\AppData\Local\temp
2011-07-06 01:02 . 2011-07-06 01:02   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-07-04 20:11 . 2011-07-04 20:11   --------   d-----w-   c:\users\djthedj\AppData\Roaming\Malwarebytes
2011-07-04 20:11 . 2011-07-04 20:11   --------   d-----w-   c:\programdata\Malwarebytes
2011-07-04 20:11 . 2011-05-29 13:11   39984   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-04 20:11 . 2011-07-04 20:11   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-04 20:11 . 2011-05-29 13:11   25912   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-07-03 23:28 . 2011-07-04 20:42   --------   d-----w-   C:\rsit
2011-07-03 23:28 . 2011-07-04 20:42   --------   d-----w-   c:\program files\trend micro
2011-07-02 14:32 . 2011-07-02 14:34   --------   d-----w-   c:\program files (x86)\Broderbund
2011-07-02 14:32 . 2011-07-02 14:32   --------   d-----w-   c:\users\djthedj\AppData\Local\Conduit
2011-07-01 23:02 . 2011-07-01 23:02   --------   d-----w-   C:\ATI
2011-07-01 22:39 . 2011-07-06 00:03   --------   d-sh--w-   c:\windows\Installer
2011-07-01 16:57 . 2007-11-07 02:02   179704   ----a-w-   c:\users\djthedj\atl90.dll.21022.08.Microsoft_VC90_ATL_x64.RTM
2011-07-01 10:45 . 2011-06-07 17:10   8873296   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A48C712-90CC-4AC5-9DAC-07D017F6A334}\mpengine.dll
2011-06-30 21:01 . 2011-06-30 21:01   --------   d-----w-   C:\AMD
2011-06-30 14:54 . 2011-06-30 14:55   --------   d-----w-   c:\program files\Dream Quest Hearts
2011-06-30 03:55 . 2011-06-30 04:00   --------   d-----w-   C:\Firefox
2011-06-30 03:42 . 2011-06-30 03:42   425914   ----a-w-   c:\program files (x86)\Mozilla Firefox\uninstall\uninstaller.exe
2011-06-29 21:01 . 2011-06-30 13:43   --------   d-----w-   c:\program files\Enigma Software Group
2011-06-29 21:01 . 2011-06-30 03:26   --------   d-----w-   c:\windows\1226A4C56F274C4EAE372B5512DE125A.TMP
2011-06-29 21:01 . 2011-06-29 21:01   --------   d-----w-   c:\program files (x86)\Common Files\Wise Installation Wizard
2011-06-29 20:42 . 2011-06-29 20:42   --------   d-----w-   c:\program files (x86)\ESET
2011-06-29 00:14 . 2011-06-29 00:14   --------   d-----w-   c:\users\djthedj\AppData\Local\ESET
2011-06-28 23:59 . 2011-05-04 05:22   778752   ----a-w-   c:\windows\system32\mssvp.dll
2011-06-28 23:59 . 2011-05-04 05:22   75264   ----a-w-   c:\windows\system32\msscntrs.dll
2011-06-28 23:59 . 2011-05-04 05:22   491520   ----a-w-   c:\windows\system32\mssph.dll
2011-06-28 23:59 . 2011-05-04 05:22   288256   ----a-w-   c:\windows\system32\mssphtb.dll
2011-06-28 23:59 . 2011-05-04 05:19   113664   ----a-w-   c:\windows\system32\SearchFilterHost.exe
2011-06-28 23:59 . 2011-05-04 04:32   666624   ----a-w-   c:\windows\SysWow64\mssvp.dll
2011-06-28 23:59 . 2011-05-04 04:32   197120   ----a-w-   c:\windows\SysWow64\mssphtb.dll
2011-06-28 23:59 . 2011-05-04 04:28   86528   ----a-w-   c:\windows\SysWow64\SearchFilterHost.exe
2011-06-28 23:59 . 2011-05-04 04:32   59392   ----a-w-   c:\windows\SysWow64\msscntrs.dll
2011-06-24 21:15 . 2011-06-24 21:15   2106216   ----a-w-   c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 21:15 . 2011-06-24 21:15   1998168   ----a-w-   c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-15 12:52 . 2011-04-25 05:33   1923968   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-06-15 12:52 . 2011-04-25 02:34   499200   ----a-w-   c:\windows\system32\drivers\afd.sys
2011-06-15 12:50 . 2011-01-17 11:09   197120   ----a-w-   c:\windows\system32\d3d10_1.dll
2011-06-15 12:50 . 2011-01-17 05:47   161792   ----a-w-   c:\windows\SysWow64\d3d10_1.dll
2011-06-15 12:50 . 2011-04-29 03:06   467456   ----a-w-   c:\windows\system32\drivers\srv.sys
2011-06-15 12:50 . 2011-04-29 03:05   410112   ----a-w-   c:\windows\system32\drivers\srv2.sys
2011-06-15 12:50 . 2011-04-29 03:05   168448   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2011-06-15 12:50 . 2011-02-25 06:22   861696   ----a-w-   c:\windows\system32\oleaut32.dll
2011-06-15 12:50 . 2011-02-25 05:34   571904   ----a-w-   c:\windows\SysWow64\oleaut32.dll
2011-06-15 12:50 . 2011-05-03 05:29   976896   ----a-w-   c:\windows\system32\inetcomm.dll
2011-06-15 12:50 . 2011-05-03 04:30   741376   ----a-w-   c:\windows\SysWow64\inetcomm.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 10:44 . 2011-05-20 11:13   404640   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-26 10:54 . 2009-07-31 04:26   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2011-05-26 10:54 . 2009-07-31 04:26   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2011-05-24 23:14 . 2009-11-06 21:35   270720   ----a-w-   c:\windows\system32\MpSigStub.exe
2011-05-11 13:10 . 2009-07-14 02:36   175616   ----a-w-   c:\windows\system32\msclmd.dll
2011-05-11 13:10 . 2009-07-14 02:36   152576   ----a-w-   c:\windows\SysWow64\msclmd.dll
2011-04-22 22:15 . 2011-05-24 23:00   27520   ----a-w-   c:\windows\system32\drivers\Diskdump.sys
2011-04-09 07:02 . 2011-05-11 11:08   5562240   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-04-09 06:58 . 2011-05-11 12:12   142336   ----a-w-   c:\windows\system32\poqexec.exe
2011-04-09 06:02 . 2011-05-11 11:08   3967872   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 11:08   3912576   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-11 12:12   123904   ----a-w-   c:\windows\SysWow64\poqexec.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81e93b9c-1052-4697-aafe-b40cd69c1d22}"= "c:\program files (x86)\Broderbund\prxtbBro0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{81e93b9c-1052-4697-aafe-b40cd69c1d22}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{81e93b9c-1052-4697-aafe-b40cd69c1d22}]
2011-05-09 09:49   176936   ----a-w-   c:\program files (x86)\Broderbund\prxtbBro0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{81e93b9c-1052-4697-aafe-b40cd69c1d22}"= "c:\program files (x86)\Broderbund\prxtbBro0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{81e93b9c-1052-4697-aafe-b40cd69c1d22}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SPIRunE"="SPIRunE.dll" [2007-05-09 18432]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-05-26 273544]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\djthedj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [N/A]
Event Reminder.lnk - c:\program files (x86)\The Print Shop 23.1\Remind.exe [2010-6-21 344064]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-07-31 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-16 79360]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys
R3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/03/16 23:11];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-01-07 21:11 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
S2 Apache2.2;Remote Access Media Server;c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe [2008-12-10 24636]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 dsl-db;Remote Access DB;c:\program files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2009-06-11 5730304]
S2 dsl-fs-sync;Remote Access File Sync Service;c:\program files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-06-22 189680]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-11 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2010-02-02 65856]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Hawking\11n USB Wireless LAN Utility\RtlService.exe [2009-07-10 36864]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
.
.
    Contents of the 'Scheduled Tasks' folder
    .
    2011-02-22 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
    - c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2010-10-20 23:36]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2716216]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2530712
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.15.1
    TCP: Interfaces\{78C51A24-3CA4-49FA-A644-56C4639C59F9}: DhcpNameServer = 192.168.15.1
    FF - ProfilePath - c:\users\djthedj\AppData\Roaming\Mozilla\Firefox\Profiles\wmvmxomq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-conhost - c:\users\djthedj\AppData\Roaming\Microsoft\conhost.exe
    Wow6432Node-HKCU-Run-oYohbioPvgYB - c:\programdata\oYohbioPvgYB.exe
    WebBrowser-{81E93B9C-1052-4697-AAFE-B40CD69C1D22} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,cc,a2,77,7f,31,bb,4b,8a,05,05,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,cc,a2,77,7f,31,bb,4b,8a,05,05,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Hawking\11n USB Wireless LAN Utility\RtWlan.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-05  21:07:23 - machine was rebooted
    ComboFix-quarantined-files.txt  2011-07-06 01:07
    .
    Pre-Run: 673,415,757,824 bytes free
    Post-Run: 678,241,013,760 bytes free
    .
    - - End Of File - - 6D1985F3B87EF7B09E8CFF793CD2951E

    djthedj

djthedj

Corrine:

Also the JavaRa log file:

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jul 05 11:48:34 2011

Found and removed: Applications\java.exe

Found and removed: Applications\javaw.exe

Found and removed: JavaPlugin.FamilyVersionSupport

Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: SOFTWARE\Classes\JavaPlugin

Found and removed: SOFTWARE\Classes\JavaPlugin.160_22

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_22

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_22

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_22

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5

------------------------------------

Finished reporting.

djthedj

djthedj

Corrine - more info.
After using my advanced uninstaller pro I see no java programs listed under programs to be uninstalled.
Also no longer seeing the pop up about the CCC after running ComboFix. From a previous reply you sent - When I ran the random rsitx64 the 2nd time I still had both the info. & log files on my desktop. They are still there so I am not sure why on the 2nd run it only produced the info.log. Libraries/documents/djthedj/appdata/localLow/Sun - Opened this folder then opened the AU Folder and these are what was listed: jre 1.6.0_.16, jre 1.6.0_.17, jre 1.6.0_.22, (jre 1.6.0_.26_x64) - 3 of the folders 16,22, 26x64 all have Data1 Cabinet files & windows installer packages in them. The 17 file had gtapi.dll app ext. and izma.dll app ext. Also these install program packages and files are still on my computer.

djthedj

Corrine

Hi, djthedj.

1)  I am not seeing an entry in Add/Remove programs for Enigma Software Group or SpyHunter but there appear to be files remaining on your system.  Is this something you have uninstalled?  (Due to past history, this company does not have the best of reputations.)

2)  I am not seeing a folder for Java listed.  Please confirm that no such folder exists. 

3)  Navigate to Libraries/documents/djthedj/appdata/localLow/Sun and delete the Java folder.

4)  Further regarding Java, when you said "these install program packages and files are still on my computer", are you referring to the downloaded installers?   If so, go ahead and delete them.

5)  Please empty your recycle bin.

Please respond regarding SpyHunter and confirm the removal of the Java files and then we'll proceed.

Thanks.



djthedj

Corrine:

For Enigma Software - all I could find on my computer is an empty folder by that name. For SpyHunter I found nothing.
It may have been something I had some time ago and uninstalled. Libraries/documents/djthedj/appdata/localLow/Sun - I deleted the Java folder. They were install packages. Also in my control panel there is a folder listed as Java and when I open it - App not found. Funny thing I cannot find my recycle Bin - no shortcut - nor can I locate a link to it!

djthedj

djthedj

corrine:

Found my recycle Bin - must have reset while cleaning the computer - Had to turn it back on and I emptied it.

djthedj

Corrine

Thanks, djthedj.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:


Registry::
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} -
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} -

Folder::
c:\program files\Enigma Software Group


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.





  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.




djthedj

Corrine:

Here is the new ComboFix Log file.

ComboFix 11-07-05.03 - djthedj 07/05/2011  20:59:06.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6135.3995 [GMT -4:00]
Running from: c:\users\djthedj\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\djthedj\AppData\Roaming\Adobe\plugs
c:\users\djthedj\AppData\Roaming\Adobe\shed
c:\users\djthedj\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\users\djthedj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair
c:\users\djthedj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair\Uninstall Windows 7 Repair.lnk
c:\users\djthedj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair\Windows 7 Repair.lnk
c:\users\djthedj\videos\Greeting Card 1.exe
c:\users\djthedj\videos\Greeting Card 2.exe
c:\windows\security\Database\tmp.edb
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2011-06-06 to 2011-07-06  )))))))))))))))))))))))))))))))
.
.
2011-07-06 01:02 . 2011-07-06 01:02   --------   d-----w-   c:\users\RA Media Server\AppData\Local\temp
2011-07-06 01:02 . 2011-07-06 01:02   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-07-04 20:11 . 2011-07-04 20:11   --------   d-----w-   c:\users\djthedj\AppData\Roaming\Malwarebytes
2011-07-04 20:11 . 2011-07-04 20:11   --------   d-----w-   c:\programdata\Malwarebytes
2011-07-04 20:11 . 2011-05-29 13:11   39984   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-04 20:11 . 2011-07-04 20:11   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-04 20:11 . 2011-05-29 13:11   25912   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-07-03 23:28 . 2011-07-04 20:42   --------   d-----w-   C:\rsit
2011-07-03 23:28 . 2011-07-04 20:42   --------   d-----w-   c:\program files\trend micro
2011-07-02 14:32 . 2011-07-02 14:34   --------   d-----w-   c:\program files (x86)\Broderbund
2011-07-02 14:32 . 2011-07-02 14:32   --------   d-----w-   c:\users\djthedj\AppData\Local\Conduit
2011-07-01 23:02 . 2011-07-01 23:02   --------   d-----w-   C:\ATI
2011-07-01 22:39 . 2011-07-06 00:03   --------   d-sh--w-   c:\windows\Installer
2011-07-01 16:57 . 2007-11-07 02:02   179704   ----a-w-   c:\users\djthedj\atl90.dll.21022.08.Microsoft_VC90_ATL_x64.RTM
2011-07-01 10:45 . 2011-06-07 17:10   8873296   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A48C712-90CC-4AC5-9DAC-07D017F6A334}\mpengine.dll
2011-06-30 21:01 . 2011-06-30 21:01   --------   d-----w-   C:\AMD
2011-06-30 14:54 . 2011-06-30 14:55   --------   d-----w-   c:\program files\Dream Quest Hearts
2011-06-30 03:55 . 2011-06-30 04:00   --------   d-----w-   C:\Firefox
2011-06-30 03:42 . 2011-06-30 03:42   425914   ----a-w-   c:\program files (x86)\Mozilla Firefox\uninstall\uninstaller.exe
2011-06-29 21:01 . 2011-06-30 13:43   --------   d-----w-   c:\program files\Enigma Software Group
2011-06-29 21:01 . 2011-06-30 03:26   --------   d-----w-   c:\windows\1226A4C56F274C4EAE372B5512DE125A.TMP
2011-06-29 21:01 . 2011-06-29 21:01   --------   d-----w-   c:\program files (x86)\Common Files\Wise Installation Wizard
2011-06-29 20:42 . 2011-06-29 20:42   --------   d-----w-   c:\program files (x86)\ESET
2011-06-29 00:14 . 2011-06-29 00:14   --------   d-----w-   c:\users\djthedj\AppData\Local\ESET
2011-06-28 23:59 . 2011-05-04 05:22   778752   ----a-w-   c:\windows\system32\mssvp.dll
2011-06-28 23:59 . 2011-05-04 05:22   75264   ----a-w-   c:\windows\system32\msscntrs.dll
2011-06-28 23:59 . 2011-05-04 05:22   491520   ----a-w-   c:\windows\system32\mssph.dll
2011-06-28 23:59 . 2011-05-04 05:22   288256   ----a-w-   c:\windows\system32\mssphtb.dll
2011-06-28 23:59 . 2011-05-04 05:19   113664   ----a-w-   c:\windows\system32\SearchFilterHost.exe
2011-06-28 23:59 . 2011-05-04 04:32   666624   ----a-w-   c:\windows\SysWow64\mssvp.dll
2011-06-28 23:59 . 2011-05-04 04:32   197120   ----a-w-   c:\windows\SysWow64\mssphtb.dll
2011-06-28 23:59 . 2011-05-04 04:28   86528   ----a-w-   c:\windows\SysWow64\SearchFilterHost.exe
2011-06-28 23:59 . 2011-05-04 04:32   59392   ----a-w-   c:\windows\SysWow64\msscntrs.dll
2011-06-24 21:15 . 2011-06-24 21:15   2106216   ----a-w-   c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 21:15 . 2011-06-24 21:15   1998168   ----a-w-   c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-15 12:52 . 2011-04-25 05:33   1923968   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-06-15 12:52 . 2011-04-25 02:34   499200   ----a-w-   c:\windows\system32\drivers\afd.sys
2011-06-15 12:50 . 2011-01-17 11:09   197120   ----a-w-   c:\windows\system32\d3d10_1.dll
2011-06-15 12:50 . 2011-01-17 05:47   161792   ----a-w-   c:\windows\SysWow64\d3d10_1.dll
2011-06-15 12:50 . 2011-04-29 03:06   467456   ----a-w-   c:\windows\system32\drivers\srv.sys
2011-06-15 12:50 . 2011-04-29 03:05   410112   ----a-w-   c:\windows\system32\drivers\srv2.sys
2011-06-15 12:50 . 2011-04-29 03:05   168448   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2011-06-15 12:50 . 2011-02-25 06:22   861696   ----a-w-   c:\windows\system32\oleaut32.dll
2011-06-15 12:50 . 2011-02-25 05:34   571904   ----a-w-   c:\windows\SysWow64\oleaut32.dll
2011-06-15 12:50 . 2011-05-03 05:29   976896   ----a-w-   c:\windows\system32\inetcomm.dll
2011-06-15 12:50 . 2011-05-03 04:30   741376   ----a-w-   c:\windows\SysWow64\inetcomm.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 10:44 . 2011-05-20 11:13   404640   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-26 10:54 . 2009-07-31 04:26   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2011-05-26 10:54 . 2009-07-31 04:26   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2011-05-24 23:14 . 2009-11-06 21:35   270720   ----a-w-   c:\windows\system32\MpSigStub.exe
2011-05-11 13:10 . 2009-07-14 02:36   175616   ----a-w-   c:\windows\system32\msclmd.dll
2011-05-11 13:10 . 2009-07-14 02:36   152576   ----a-w-   c:\windows\SysWow64\msclmd.dll
2011-04-22 22:15 . 2011-05-24 23:00   27520   ----a-w-   c:\windows\system32\drivers\Diskdump.sys
2011-04-09 07:02 . 2011-05-11 11:08   5562240   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-04-09 06:58 . 2011-05-11 12:12   142336   ----a-w-   c:\windows\system32\poqexec.exe
2011-04-09 06:02 . 2011-05-11 11:08   3967872   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 11:08   3912576   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-11 12:12   123904   ----a-w-   c:\windows\SysWow64\poqexec.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81e93b9c-1052-4697-aafe-b40cd69c1d22}"= "c:\program files (x86)\Broderbund\prxtbBro0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{81e93b9c-1052-4697-aafe-b40cd69c1d22}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{81e93b9c-1052-4697-aafe-b40cd69c1d22}]
2011-05-09 09:49   176936   ----a-w-   c:\program files (x86)\Broderbund\prxtbBro0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{81e93b9c-1052-4697-aafe-b40cd69c1d22}"= "c:\program files (x86)\Broderbund\prxtbBro0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{81e93b9c-1052-4697-aafe-b40cd69c1d22}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SPIRunE"="SPIRunE.dll" [2007-05-09 18432]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-05-26 273544]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\djthedj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [N/A]
Event Reminder.lnk - c:\program files (x86)\The Print Shop 23.1\Remind.exe [2010-6-21 344064]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-07-31 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-16 79360]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys
R3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/03/16 23:11];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-01-07 21:11 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
S2 Apache2.2;Remote Access Media Server;c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe [2008-12-10 24636]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 dsl-db;Remote Access DB;c:\program files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2009-06-11 5730304]
S2 dsl-fs-sync;Remote Access File Sync Service;c:\program files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-06-22 189680]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-11 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2010-02-02 65856]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Hawking\11n USB Wireless LAN Utility\RtlService.exe [2009-07-10 36864]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-22 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2010-10-20 23:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2716216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2530712
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{78C51A24-3CA4-49FA-A644-56C4639C59F9}: DhcpNameServer = 192.168.15.1
FF - ProfilePath - c:\users\djthedj\AppData\Roaming\Mozilla\Firefox\Profiles\wmvmxomq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-conhost - c:\users\djthedj\AppData\Roaming\Microsoft\conhost.exe
Wow6432Node-HKCU-Run-oYohbioPvgYB - c:\programdata\oYohbioPvgYB.exe
WebBrowser-{81E93B9C-1052-4697-AAFE-B40CD69C1D22} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,cc,a2,77,7f,31,bb,4b,8a,05,05,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,cc,a2,77,7f,31,bb,4b,8a,05,05,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Hawking\11n USB Wireless LAN Utility\RtWlan.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-05  21:07:23 - machine was rebooted
    ComboFix-quarantined-files.txt  2011-07-06 01:07
    .
    Pre-Run: 673,415,757,824 bytes free
    Post-Run: 678,241,013,760 bytes free
    .
    - - End Of File - - 6D1985F3B87EF7B09E8CFF793CD2951E

    djthedj

Corrine

Hi, djthedj.

That is your first ComboFix log from July 5.  I'd like to see the log dated from the run today.  Did you follow the instructions for the script I posted?  If your computer didn't restart after running the script, go ahead and restart.



djthedj

Corrine:

I did follow your instructions - dragged the text from my desktop that you sent me & placed it into ComboFix - disabled my AV, firewall & Malwarebytes. Then ran ComboFix. My computer did restart and the ComboFix log file was generated and I saved it to my desktop. The ComboFix file I sent I thought was the new generated one. I did a search on my computer to see if I could find the new file and nothing came up. Same as when I ran RSIT the 2nd time and only the info file showed up on my desktop. Not sure what is going on.

djthedj

Corrine

Hi, djthedj.

Please navigate to C:\Qoobox and open that folder.  You should find two text files with the ComboFix.txt name; one ComboFix2.txt dated 2011-07-05 and the one run today, ComboFix.txt dated 2011-07-07.  It is the log from today that I would like to see.



djthedj

Corrine:

In the Qoobox there was a log file combofix2 - it had a date of 07/05/2011. However, there is another log file: ComboFix-quarantined files that has a modified 07/07/2011 date. When I opened the file to look at everything inside, there is a date of 07/06/2011 next to every quarantined file. I will post it and if that is not what you need we can go from there.

2011-07-06 01:06:32 . 2011-07-07 14:59:02              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{81E93B9C-1052-4697-AAFE-B40CD69C1D22}.reg.dat
2011-07-06 01:06:20 . 2011-07-06 01:06:20               79 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-oYohbioPvgYB.reg.dat
2011-07-06 01:06:20 . 2011-07-06 01:06:20               79 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-conhost.reg.dat
2011-07-06 01:01:24 . 2011-07-07 14:54:10           15,619 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-07-06 01:00:55 . 2009-07-14 04:54:24              174 --sha-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\4\desktop.ini
2011-07-06 01:00:55 . 2009-07-14 04:49:38            1,228 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\Windows Explorer.lnk
2011-07-06 01:00:55 . 2009-11-03 20:16:32            1,547 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\Windows Media Player.lnk
2011-07-06 01:00:55 . 2010-07-24 19:09:31              950 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\YNAB 3.lnk
2011-07-06 01:00:55 . 2009-12-16 23:12:26            1,346 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\ZoomBrowser EX.lnk
2011-07-06 01:00:55 . 2010-06-10 19:45:37            2,515 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\Skype.lnk
2011-07-06 01:00:55 . 2011-02-16 20:07:40            2,645 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\The Print Shop 23.1.lnk
2011-07-06 01:00:55 . 2009-12-29 03:52:08            1,332 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\Play Hearts.lnk
2011-07-06 01:00:55 . 2010-12-15 02:09:07            1,847 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\QuickTime Player.lnk
2011-07-06 01:00:55 . 2011-01-03 15:05:19            1,046 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\RealPlayer.lnk
2011-07-06 01:00:55 . 2011-06-24 21:15:43            2,048 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\Mozilla Firefox.lnk
2011-07-06 01:00:55 . 2009-11-06 21:50:15            2,029 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\Mozilla Thunderbird.lnk
2011-07-06 01:00:55 . 2010-01-07 21:49:08            1,165 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\ParetoLogic FileCure.lnk
2011-07-06 01:00:55 . 2010-12-02 04:26:50            1,224 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\PCShowBuzz.lnk
2011-07-06 01:00:55 . 2010-03-12 19:14:36            1,935 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\Moneydance.lnk
2011-07-06 01:00:55 . 2009-12-04 12:00:57            1,934 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\MozBackup.lnk
2011-07-06 01:00:55 . 2010-08-26 19:52:21              211 --sha-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\desktop.ini
2011-07-06 01:00:55 . 2010-08-27 00:12:00            2,251 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\DriverBoost.lnk
2011-07-06 01:00:55 . 2010-05-06 19:45:49            1,931 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\e-Sword.lnk
2011-07-06 01:00:55 . 2010-01-06 03:34:34            1,037 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\Firetrust Benign.lnk
2011-07-06 01:00:55 . 2009-11-18 03:01:57            1,103 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\Goodsol Solitaire 101.lnk
2011-07-06 01:00:55 . 2010-10-21 01:12:41            2,210 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\Hawking HWDN2 Hi-Gain Wireless-N USB Dish Adapter.lnk
2011-07-06 01:00:55 . 2010-06-02 03:22:42            1,865 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\Hide My IP Address.lnk
2011-07-06 01:00:55 . 2009-11-03 20:28:36            1,449 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\Internet Explorer.lnk
2011-07-06 01:00:55 . 2010-11-24 12:56:20            1,203 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\MailWasher Pro.lnk
2011-07-06 01:00:55 . 2010-02-06 21:26:59              982 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\Complete Cleanup.lnk
2011-07-06 01:00:55 . 2009-11-03 20:41:58            2,731 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\Dell Remote Access.lnk
2011-07-06 01:00:55 . 2010-11-26 22:23:06            2,016 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\3\Adobe Reader 9.lnk
2011-07-06 01:00:55 . 2010-07-24 19:09:31              968 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\YNAB 3\YNAB 3.lnk
2011-07-06 01:00:55 . 2011-03-30 03:11:00            2,350 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Writer.lnk
2011-07-06 01:00:55 . 2011-03-30 03:11:00              243 --sha-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Windows Live\desktop.ini
2011-07-06 01:00:55 . 2010-11-30 17:47:44            2,669 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Family Safety.lnk
2011-07-06 01:00:55 . 2010-11-30 17:48:40            2,068 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Mesh.lnk
2011-07-06 01:00:55 . 2011-02-16 20:07:40            2,663 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23.1\The Print Shop 23.1.lnk
2011-07-06 01:00:55 . 2011-02-16 20:07:40              947 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23.1\Documents\License Agreement.lnk
2011-07-06 01:00:55 . 2011-02-16 20:07:40              942 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\The Print Shop 23.1\Documents\ReadMe.lnk
2011-07-06 01:00:55 . 2009-11-03 20:41:58            2,765 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Startup\Dell Remote Access.lnk
2011-07-06 01:00:55 . 2009-07-14 04:54:24              174 --sha-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Startup\desktop.ini
2011-07-06 01:00:55 . 2011-02-16 20:07:40            1,944 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Startup\Event Reminder.lnk
2011-07-06 01:00:55 . 2006-11-02 15:06:41               91 --sha-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Tablet PC\Desktop.ini
2011-07-06 01:00:55 . 2009-07-31 04:18:16            2,027 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Roxio Creator DE\Projects\Tools.lnk
2011-07-06 01:00:55 . 2010-06-10 19:45:37            2,533 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Skype\Skype.lnk
2011-07-06 01:00:55 . 2009-07-31 04:18:16            2,025 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Roxio Creator DE\Projects\Data.lnk
2011-07-06 01:00:55 . 2009-07-31 04:18:16            2,027 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Roxio Creator DE\Projects\Audio.lnk
2011-07-06 01:00:55 . 2009-07-31 04:18:16            2,025 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Roxio Creator DE\Projects\Copy.lnk
2011-07-06 01:00:55 . 2009-07-31 04:18:16            2,145 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Roxio Creator DE\Home.lnk
2011-07-06 01:00:55 . 2010-03-09 21:20:49              978 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Revo Uninstaller Pro\Uninstall Revo Uninstaller Pro.lnk
2011-07-06 01:00:55 . 2010-03-09 21:20:49               57 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro on the Web.url
2011-07-06 01:00:55 . 2010-03-09 21:20:49              993 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.lnk
2011-07-06 01:00:55 . 2010-03-09 21:20:49            1,063 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.lnk
2011-07-06 01:00:55 . 2011-05-26 10:54:13            1,294 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Real\RealPlayer.lnk
2011-07-06 01:00:55 . 2011-05-26 10:54:31            1,197 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Real\RealPlayer Converter.lnk
2011-07-06 01:00:55 . 2011-05-26 10:54:25            1,139 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Real\RealPlayer Trimmer.lnk
2011-07-06 01:00:55 . 2010-12-15 02:09:07            2,441 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
2011-07-06 01:00:55 . 2010-12-15 02:09:07            1,818 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
2011-07-06 01:00:55 . 2010-12-02 04:26:50            1,130 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\PCShowBuzz 2\Uninstall  PCShowBuzz.lnk
2011-07-06 01:00:55 . 2010-12-15 02:09:07            2,441 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
2011-07-06 01:00:55 . 2010-12-15 02:09:07            2,471 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
2011-07-06 01:00:55 . 2010-12-02 04:26:50            1,231 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\PCShowBuzz 2\Help.lnk
2011-07-06 01:00:55 . 2010-12-02 04:26:50            1,140 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\PCShowBuzz 2\PCShowBuzz.lnk
2011-07-06 01:00:54 . 2010-01-07 21:49:08            1,189 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\ParetoLogic\FileCure\ParetoLogic FileCure.lnk
2011-07-06 01:00:54 . 2010-12-02 04:26:50            1,099 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\PCShowBuzz 2\FAQ.lnk
2011-07-06 01:00:54 . 2011-03-04 23:30:03            1,034 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Math.lnk
2011-07-06 01:00:54 . 2011-03-04 23:30:03            1,106 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Writer.lnk
2011-07-06 01:00:54 . 2011-03-04 23:30:03            1,138 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org.lnk
2011-07-06 01:00:54 . 2011-03-04 23:30:03            1,082 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Calc.lnk
2011-07-06 01:00:54 . 2011-03-04 23:30:03            1,032 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Draw.lnk
2011-07-06 01:00:54 . 2011-03-04 23:30:03            1,092 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Impress.lnk
2011-07-06 01:00:54 . 2011-03-04 23:30:14               36 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.3\Desktop.ini
2011-07-06 01:00:54 . 2011-03-04 23:30:03            1,098 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\OpenOffice.org 3.3\OpenOffice.org Base.lnk
2011-07-06 01:00:54 . 2010-05-12 20:04:45              948 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Numus Disk Builder and Burner\Uninstall.lnk
2011-07-06 01:00:54 . 2010-05-12 20:04:45            1,283 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Numus Disk Builder and Burner\Website.lnk
2011-07-06 01:00:54 . 2010-05-12 20:04:45            1,223 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Numus Disk Builder and Burner\Numus Disk Builder and Burner.lnk
2011-07-06 01:00:54 . 2009-11-06 21:50:15            2,051 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Mozilla Thunderbird\Mozilla Thunderbird (Safe Mode).lnk
2011-07-06 01:00:54 . 2010-11-23 23:10:34            2,535 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\NEC Electronics\USB 3.0 Host Controller Driver\USB 3.0 Host Controller Utility.lnk
2011-07-06 01:00:54 . 2009-12-04 12:00:57               92 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\MozBackup\Support.url
2011-07-06 01:00:54 . 2009-12-04 12:00:57            1,934 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\MozBackup\Uninstall.lnk
2011-07-06 01:00:54 . 2009-12-04 12:00:57               80 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\MozBackup\Homepage.url
2011-07-06 01:00:54 . 2009-12-04 12:00:57            1,934 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\MozBackup\MozBackup.lnk
2011-07-06 01:00:54 . 2009-07-14 04:57:09            1,212 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk
2011-07-06 01:00:54 . 2011-06-16 03:50:20            2,269 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
2011-07-06 01:00:54 . 2009-07-14 04:57:07            1,248 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Create Recovery Disc.lnk
2011-07-06 01:00:54 . 2009-07-14 04:57:09              606 --sha-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Desktop.ini
2011-07-06 01:00:54 . 2009-07-14 04:57:07            1,304 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Backup and Restore Center.lnk
2011-07-06 01:00:54 . 2010-11-24 12:56:20            1,115 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\MailWasher Pro\Uninstall MailWasher Pro.lnk
2011-07-06 01:00:54 . 2010-11-24 12:56:20            1,221 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\MailWasher Pro\MailWasher Pro.lnk
2011-07-06 01:00:54 . 2010-11-24 12:56:20            1,192 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\MailWasher Pro\MailWasher Pro Help.lnk
2011-07-06 01:00:54 . 2009-07-31 04:13:21            1,033 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk
2011-07-06 01:00:54 . 2010-10-21 01:12:42            2,454 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Hawking HWDN2 Hi-Gain Wireless-N USB Dish Adapter\Uninstall.lnk
2011-07-06 01:00:54 . 2009-07-14 04:55:00              364 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Games\FreeCell.lnk
2011-07-06 01:00:54 . 2009-07-14 04:54:59              258 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Games\GameExplorer.lnk
2011-07-06 01:00:54 . 2009-07-14 04:57:12              356 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Games\Hearts.lnk
2011-07-06 01:00:54 . 2009-11-03 20:12:14              360 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Games\Mahjong.lnk
2011-07-06 01:00:54 . 2009-07-14 04:57:12              370 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Games\More Games from Microsoft.lnk
2011-07-06 01:00:54 . 2009-07-14 04:55:01              368 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Games\Solitaire.lnk
2011-07-06 01:00:54 . 2010-10-21 01:12:42            2,228 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Hawking HWDN2 Hi-Gain Wireless-N USB Dish Adapter\Hawking HWDN2 Hi-Gain Wireless-N USB Dish Adapter.lnk
2011-07-06 01:00:54 . 2009-11-03 20:12:13              352 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Games\Chess.lnk
2011-07-06 01:00:54 . 2009-11-03 20:12:14            1,128 --sha-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Games\Desktop.ini
2011-07-06 01:00:54 . 2010-01-06 03:34:34            1,066 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Firetrust Benign\License.lnk
2011-07-06 01:00:54 . 2010-01-06 03:34:34            1,061 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Firetrust Benign\Readme.lnk
2011-07-06 01:00:54 . 2010-01-06 03:34:34            1,073 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Firetrust Benign\Uninstall Firetrust Benign.lnk
2011-07-06 01:00:54 . 2010-01-06 03:34:34            1,037 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Firetrust Benign\Firetrust Benign.lnk
2011-07-06 01:00:54 . 2010-11-12 05:01:32            1,109 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\ESET\ESET NOD32 Antivirus\ESET SysRescue.lnk
2011-07-06 01:00:54 . 2010-11-12 05:01:32            1,080 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\ESET\ESET NOD32 Antivirus\License agreement.lnk
2011-07-06 01:00:54 . 2010-11-12 05:01:32            2,033 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\ESET\ESET NOD32 Antivirus\Uninstall.lnk
2011-07-06 01:00:54 . 2010-11-12 05:01:31            1,080 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\ESET\ESET NOD32 Antivirus\Documentation.lnk
2011-07-06 01:00:54 . 2010-11-12 05:01:31            2,006 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\ESET\ESET NOD32 Antivirus\ESET NOD32 Antivirus.lnk
2011-07-06 01:00:54 . 2010-11-12 05:01:32            1,124 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\ESET\ESET NOD32 Antivirus\ESET SysInspector.lnk
2011-07-06 01:00:54 . 2010-05-06 19:45:49            1,949 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\e-Sword\e-Sword.lnk
2011-07-06 01:00:54 . 2010-10-20 21:01:42            1,047 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\DriverNavigator\DriverNavigator.lnk
2011-07-06 01:00:54 . 2010-10-20 21:01:42              928 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\DriverNavigator\Uninstall DriverNavigator.lnk
2011-07-06 01:00:54 . 2010-08-27 00:12:00            2,757 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\DriverBoost\Knowledgebase.lnk
2011-07-06 01:00:54 . 2010-08-27 00:12:00            1,886 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\DriverBoost\Uninstall DriverBoost.lnk
2011-07-06 01:00:54 . 2010-08-27 00:12:00            2,269 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\DriverBoost\DriverBoost.lnk
2011-07-06 01:00:54 . 2010-08-27 00:12:00            2,175 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\DriverBoost\Help.lnk
2011-07-06 01:00:54 . 2009-11-03 20:42:16            2,007 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Dell Video Chat\Dell Video Chat.lnk
2011-07-06 01:00:54 . 2009-11-03 20:41:58            2,761 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Dell Remote Access\Product Manual.lnk
2011-07-06 01:00:54 . 2009-11-03 20:41:58            2,761 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Dell Remote Access\Dell Remote Access Online.lnk
2011-07-06 01:00:54 . 2009-11-03 20:41:58            2,749 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Dell Remote Access\Dell Remote Access.lnk
2011-07-06 01:00:54 . 2009-07-31 04:14:58            1,810 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Dell\Service Agreements\Banctec.pdf.lnk
2011-07-06 01:00:54 . 2009-12-03 11:58:12            2,091 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Dell DataSafe\Dell DataSafe Online.lnk
2011-07-06 01:00:54 . 2009-07-31 04:27:11            1,044 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Dell\Dell Software & Utilities\Dell Getting Started Guide.lnk
2011-07-06 01:00:54 . 2009-07-31 04:11:04            2,407 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Creative\Sound Blaster X-Fi\Documentation\Online Manual.lnk
2011-07-06 01:00:54 . 2009-07-31 04:26:42            1,916 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Dell\Dell Dock.lnk
2011-07-06 01:00:54 . 2009-07-31 04:11:02            2,157 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Creative\Sound Blaster X-Fi\Get PowerDVD.lnk
2011-07-06 01:00:54 . 2009-07-31 04:10:59            2,164 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Creative\Sound Blaster X-Fi\Creative Diagnostics.lnk
2011-07-06 01:00:54 . 2009-07-31 04:11:02            2,166 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Creative\Sound Blaster X-Fi\Creative Volume Panel.lnk
2011-07-06 01:00:54 . 2009-07-31 04:12:07            1,922 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Creative\Creative MediaSource 5\Creative MediaSource 5 Audio Converter.lnk
2011-07-06 01:00:54 . 2009-07-31 04:12:07            1,937 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Creative\Creative MediaSource 5\Creative MediaSource 5 Organizer.lnk
2011-07-06 01:00:54 . 2009-07-31 04:12:07            1,931 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Creative\Creative MediaSource 5\Creative MediaSource 5 Player.lnk
2011-07-06 01:00:54 . 2009-07-31 04:12:35            2,016 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Creative\Creative MediaSource 5\Creative MediaSource Go!.lnk
2011-07-06 01:00:54 . 2009-07-31 04:10:55            2,202 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Creative\Sound Blaster X-Fi\Creative Console Launcher.lnk
2011-07-06 01:00:54 . 2009-11-16 02:21:38            2,320 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Creative\Creative Software AutoUpdate.lnk
2011-07-06 01:00:54 . 2009-11-16 02:21:13            2,277 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Creative\Creative Audio Control Panel.lnk
2011-07-06 01:00:54 . 2010-02-05 20:39:08            1,030 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Complete Cleanup Trial\Help FAQ.lnk
2011-07-06 01:00:54 . 2010-02-05 20:39:08            1,037 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Complete Cleanup Trial\Uninstall Instructions.lnk
2011-07-06 01:00:54 . 2010-02-06 21:26:59            1,000 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Complete Cleanup\Your License Agreement.lnk
2011-07-06 01:00:54 . 2010-02-05 20:39:08            1,030 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Complete Cleanup Trial\Complete Cleanup Trial.lnk
2011-07-06 01:00:54 . 2010-02-05 20:39:08            1,037 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Complete Cleanup Trial\Disclaimer.lnk
2011-07-06 01:00:54 . 2010-02-05 20:39:08            1,037 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Complete Cleanup Trial\Download Software.lnk
2011-07-06 01:00:54 . 2010-02-06 21:26:59            1,000 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Complete Cleanup\Help FAQ.lnk
2011-07-06 01:00:54 . 2010-02-06 21:26:59            1,007 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Complete Cleanup\More Software.lnk
2011-07-06 01:00:54 . 2010-02-06 21:26:59            1,000 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Complete Cleanup\Easy Access.lnk
2011-07-06 01:00:54 . 2009-11-03 20:41:08            2,078 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Catalyst Control Center\Restart Runtime.lnk
2011-07-06 01:00:54 . 2010-02-06 21:26:59            1,000 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Complete Cleanup\Complete Cleanup.lnk
2011-07-06 01:00:54 . 2010-02-06 21:26:59            1,007 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Complete Cleanup\Disclaimer.lnk
2011-07-06 01:00:54 . 2009-11-03 20:41:08            2,096 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Catalyst Control Center\Help.lnk
2011-07-06 01:00:54 . 2009-11-03 20:41:08            2,088 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Catalyst Control Center\CCC - Wizard.lnk
2011-07-06 01:00:54 . 2009-11-03 20:41:08            2,082 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Catalyst Control Center\CCC.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:26            1,443 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Uninstall.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:26            1,370 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX.lnk
2011-07-06 01:00:54 . 2009-11-03 20:41:08            2,094 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Catalyst Control Center\CCC - Advanced.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:35            1,377 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\RAW Image Task\RAW Image Task Uninstall.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:26            1,339 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\ZoomBrowser EX\ZoomBrowser EX Readme.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:39            1,371 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch Uninstall.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:39            1,174 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:35            1,215 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\RAW Image Task\RAW Image Task Readme.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:36            1,503 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Uninstall.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:39            1,152 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\PhotoStitch\PhotoStitch Readme.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:33            1,421 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\RemoteCapture Task\RemoteCapture Task Uninstall.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:36            1,312 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\MovieEdit Task\MovieEdit Task Readme.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:32            1,394 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:32            1,352 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow DC_DV 6 Readme.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:32            1,413 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\PowerShot - IXY - IXUS - DV 6\CameraWindow DC_DV 6 Uninstall.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:30            1,409 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow MC 6 Uninstall.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:30            1,390 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow.lnk
2011-07-06 01:00:54 . 2010-03-09 20:53:18            1,220 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Advanced Uninstaller PRO\Uninstall.lnk
2011-07-06 01:00:54 . 2009-12-16 23:12:30            1,338 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Canon Utilities\CameraWindow\CameraWindowMC\CameraWindow MC 6 Readme.lnk
2011-07-06 01:00:54 . 2009-07-14 05:32:31            2,741 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows PowerShell Modules.lnk
2011-07-06 01:00:54 . 2010-03-09 20:53:18            2,193 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Advanced Uninstaller PRO\Advanced Uninstaller PRO 10.lnk
2011-07-06 01:00:54 . 2009-07-14 04:53:33            1,246 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\System Configuration.lnk
2011-07-06 01:00:54 . 2009-07-14 04:54:29            1,262 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Task Scheduler.lnk
2011-07-06 01:00:54 . 2009-07-14 04:53:58            1,274 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
2011-07-06 01:00:53 . 2009-07-14 04:53:50            1,232 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Performance Monitor.lnk
2011-07-06 01:00:53 . 2011-05-11 13:25:53            1,262 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Print Management.lnk
2011-07-06 01:00:53 . 2009-11-13 05:52:02            1,248 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Security Configuration Management.lnk
2011-07-06 01:00:53 . 2009-07-14 04:54:05            1,288 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk
2011-07-06 01:00:53 . 2011-02-16 20:02:59            1,381 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
2011-07-06 01:00:53 . 2009-07-14 04:53:33            1,268 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
2011-07-06 01:00:53 . 2011-02-16 20:02:59            1,330 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
2011-07-06 01:00:53 . 2009-07-14 04:54:21            1,294 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
2011-07-06 01:00:53 . 2009-07-14 04:53:52            1,270 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
2011-07-06 01:00:53 . 2011-05-11 13:25:53            1,958 --sha-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
2011-07-06 01:00:53 . 2009-07-14 04:54:29            1,298 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
2011-07-06 01:00:53 . 2009-07-14 04:54:22            1,274 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\iSCSI Initiator.lnk
2011-07-06 01:00:53 . 2009-07-14 04:57:13            1,468 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
2011-07-06 01:00:53 . 2009-07-14 05:32:31            1,899 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
2011-07-06 01:00:53 . 2009-07-14 04:57:13            1,242 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
2011-07-06 01:00:53 . 2009-07-14 04:57:13              216 --sha-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\desktop.ini
2011-07-06 01:00:53 . 2009-07-14 05:32:31            1,989 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk
2011-07-06 01:00:53 . 2009-07-14 04:57:13            1,468 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk
2011-07-06 01:00:53 . 2009-07-14 04:57:09            1,316 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer.lnk
2011-07-06 01:00:53 . 2009-11-03 20:12:15              343 --sha-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Desktop.ini
2011-07-06 01:00:53 . 2009-11-03 20:12:14            1,436 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\ShapeCollector.lnk
2011-07-06 01:00:53 . 2009-11-03 20:12:13            1,386 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\TabTip.lnk
2011-07-06 01:00:53 . 2009-11-03 20:12:15            1,316 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Windows Journal.lnk
2011-07-06 01:00:53 . 2009-07-14 04:57:09            1,320 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk
2011-07-06 01:00:53 . 2009-07-14 04:53:33            1,250 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
2011-07-06 01:00:53 . 2009-07-14 04:54:57            1,246 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
2011-07-06 01:00:53 . 2009-07-14 04:54:29            1,268 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Task Scheduler.lnk
2011-07-06 01:00:53 . 2009-07-14 04:57:09            1,338 --sha-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Desktop.ini
2011-07-06 01:00:53 . 2009-07-14 04:54:25            1,290 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\dfrgui.lnk
2011-07-06 01:00:53 . 2009-07-14 04:54:58            1,252 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
2011-07-06 01:00:53 . 2009-07-14 04:53:50            1,242 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Resource Monitor.lnk
2011-07-06 01:00:53 . 2009-07-31 04:11:20            1,883 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Media Center\Media Center Programs\Sound Blaster.lnk
2011-07-06 01:00:53 . 2009-07-14 04:55:00            1,248 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
2011-07-06 01:00:53 . 2009-07-14 04:57:07              370 --sha-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Desktop.ini
2011-07-06 01:00:53 . 2009-07-14 04:57:07            1,388 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Speech Recognition.lnk
2011-07-06 01:00:53 . 2009-07-14 04:54:58            1,254 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sync Center.lnk
2011-07-06 01:00:53 . 2009-07-14 04:57:09            1,579 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Welcome Center.lnk
2011-07-06 01:00:53 . 2009-07-14 04:54:58            1,322 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Wordpad.lnk
2011-07-06 01:00:53 . 2009-07-14 04:53:55            1,367 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
2011-07-06 01:00:53 . 2009-11-03 20:12:14            1,272 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Snipping Tool.lnk
2011-07-06 01:00:53 . 2009-07-14 04:57:08            1,330 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sound Recorder.lnk
2011-07-06 01:00:53 . 2009-11-03 20:12:16            1,351 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sticky Notes.lnk
2011-07-06 01:00:53 . 2009-07-14 04:54:32            1,242 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Paint.lnk
2011-07-06 01:00:53 . 2009-11-03 20:12:14            1,238 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Mobility Center.lnk
2011-07-06 01:00:53 . 2009-11-13 05:52:00            1,242 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\NetworkProjection.lnk
2011-07-06 01:00:53 . 2009-07-14 04:54:23            1,266 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\displayswitch.lnk
2011-07-06 01:00:53 . 2009-11-03 20:12:16            1,364 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Math Input Panel.lnk
2011-07-06 01:00:53 . 2009-07-14 04:57:08            1,246 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\XPS Viewer.lnk
2011-07-06 01:00:53 . 2009-07-14 04:55:00            1,230 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
2011-07-06 01:00:53 . 2009-11-13 05:52:00            1,854 --sha-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Accessories\Desktop.ini
2011-07-06 01:00:53 . 2011-03-30 03:10:52            1,376 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Windows Live Photo Gallery.lnk
2011-07-06 01:00:53 . 2009-11-03 20:16:32            1,547 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Windows Media Player.lnk
2011-07-06 01:00:53 . 2011-03-30 03:10:44            2,488 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Windows Live Messenger.lnk
2011-07-06 01:00:53 . 2011-03-30 03:10:46            1,307 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Windows Live Movie Maker.lnk
2011-07-06 01:00:53 . 2009-07-14 04:54:59            1,210 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Windows Fax and Scan.lnk
2011-07-06 01:00:53 . 2011-03-30 03:10:29            1,460 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Windows Live Mail.lnk
2011-07-06 01:00:53 . 2009-07-14 04:57:08            1,330 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Sidebar.lnk
2011-07-06 01:00:53 . 2009-07-14 04:57:09            1,352 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Windows Anytime Upgrade.lnk
2011-07-06 01:00:53 . 2009-11-03 20:12:14            1,326 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Windows DVD Maker.lnk
2011-07-06 01:00:53 . 2011-05-12 02:18:09            1,156 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
2011-07-06 01:00:53 . 2009-11-03 20:37:21            2,088 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\PowerDVD DX.lnk
2011-07-06 01:00:53 . 2009-11-03 20:12:14            1,345 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Media Center.lnk
2011-07-06 01:00:53 . 2010-08-27 00:13:11            1,382 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Microsoft Default Manager.lnk
2011-07-06 01:00:53 . 2011-03-30 03:10:52            1,748 --sha-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\desktop.ini
2011-07-06 01:00:53 . 2010-06-02 03:22:42            1,877 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Hide My IP Address.lnk
2011-07-06 01:00:53 . 2011-05-04 22:24:33            2,441 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
2011-07-06 01:00:53 . 2010-01-09 15:59:28            2,519 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Apple Software Update.lnk
2011-07-06 01:00:53 . 2009-07-14 05:01:14              442 --sha-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\desktop.ini
2011-07-06 01:00:53 . 2009-07-14 04:49:40            1,266 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Windows Update.lnk
2011-07-06 01:00:53 . 2010-04-30 00:56:33            1,009 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Programs\Acrobat_com.lnk
2011-07-06 01:00:53 . 2009-07-31 04:12:35            1,998 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Creative MediaSource Go!.lnk
2011-07-06 01:00:53 . 2009-07-14 05:01:14            1,282 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Local\Temp\smtmp\1\Default Programs.lnk
2011-07-06 00:58:26 . 2011-07-07 14:50:15              204 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2011-07-05 15:40:38 . 2011-07-05 15:40:48           45,056 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db.vir
2011-06-29 00:24:35 . 2011-06-29 00:24:35              741 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair\Uninstall Windows 7 Repair.lnk.vir
2011-06-29 00:24:35 . 2011-06-29 00:24:35              669 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair\Windows 7 Repair.lnk.vir
2011-05-11 13:25:37 . 2011-05-11 13:25:37        1,056,768 ----a-w-  C:\Qoobox\Quarantine\C\Windows\security\database\tmp.edb.vir
2011-02-22 18:49:35 . 2011-02-22 18:49:26          419,548 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\Videos\Greeting Card 2.exe.vir
2011-02-22 18:49:17 . 2011-02-22 18:48:45          419,556 ----a-w-  C:\Qoobox\Quarantine\C\Users\djthedj\Videos\Greeting Card 1.exe.vir
2007-11-07 13:44:20 . 2007-11-07 13:44:20          855,040 ----a-w-  C:\Qoobox\Quarantine\C\Install.exe.vir

djthedj