
Web hijacking & Program manager disabled


Re: Web hijacking & Program manager disabled

Post by dan12 » March 27th, 2009, 8:51 am

Hi, thanks for your report. Unfortunately you never clicked to fix items, so you need to run again.
It shows in the log no action taken. :(
Will await further reports.
Dan

Re: Web hijacking & Program manager disabled

Post by Jay Thompson » March 27th, 2009, 1:05 pm

Dohhhhhhhhhhhhhhhhhhhhhhhhhhhh! Alright, I will rerun. In the meantime, here is Kaspersky...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, March 27, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, March 27, 2009 09:27:18
Records in database: 1975760
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 137102
Threat name: 10
Infected objects: 518
Suspicious objects: 0
Duration of the scan: 05:08:26


C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iepk32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ieqo32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ierf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iesv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iexc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipcu32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipdg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipew32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipfu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iphb.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iphx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipip32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipjb32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipjf.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipjj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipll32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipok.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ippb.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ippd.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipra32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipre32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iprf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipsc.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipsk.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipxa32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipxh32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javaaz.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javadk32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javadt.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javalk.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javaoe32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javaoj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javaqi.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javaqt32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javasr.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javatu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javavx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javavz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javayb32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javazx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfccx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcds32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcej32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcgf.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcgu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcjf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcjh32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfclw.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcor32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcpk.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcrj.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcsf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcsj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfczg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfczx.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msck.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msdm.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mslp.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mslw.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msmz.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mssh.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msti.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msud32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msvh32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msws.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msxr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msxv32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mszl32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netbi32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netbt.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netdl32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netgq32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netii32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netjo.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netks.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netkv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netnx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netpl32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netru32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nettq32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nettr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nettx.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netug32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netup.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netwm32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netxj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntba32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntbc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntcu32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntgb.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nthj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nthy32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntjm.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntkh32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntkt.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntlf.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntmf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntsg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntyf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntyq32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntzb.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nvcilsgl.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jly 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ruynon.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jly 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkaj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkar32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkat32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkfg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkgj.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkkr.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkma.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdknc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkof32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkrg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkrv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdksf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdksj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdksx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkul.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkxr.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkxs.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkys32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkyz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\svoswo.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jza 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysbg.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysco32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysfe32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysfv32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\syshv32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysij32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysmv32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysoe.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysoe32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysoy.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysqc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\systg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysvh.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysxm32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winba32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winbr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winby32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winga.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winhf.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winhy32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winjq.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winjy32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winki.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winll32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winmk.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winvp32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winwp32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winwu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winyt.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winyy.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ygimtlrm.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jza 1
C:\Qoobox\Quarantine\C\WINDOWS\sysvl32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sysxy32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\syszg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winer.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winfw.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winio32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winjg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winjv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winos32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winsc.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winsv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\wintc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\wintr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winuh.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winvg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winvh.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winwc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winyz.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1983\A0387700.INI Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1983\A0387700.INI Infected: Trojan-Downloader.Win32.Agent.bc 1

The selected area was scanned.
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm

Re: Web hijacking & Program manager disabled

Unread postby dan12 » March 27th, 2009, 3:49 pm

They're all safe and will be dealt with soon. Will await the Malwarebytes report :)
Dan :)

Re: Web hijacking & Program manager disabled

Unread postby Jay Thompson » March 27th, 2009, 5:29 pm

Ok, here is the Malwarebytes log after the removals...

Malwarebytes' Anti-Malware 1.35
Database version: 1906
Windows 5.1.2600 Service Pack 2

3/27/2009 2:12:27 PM
mbam-log-2009-03-27 (14-12-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 238142
Time elapsed: 1 hour(s), 38 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{287368c4-44ed-86d5-a425-efbb34f6c8c6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b606603-5e87-931a-2610-76e878a78a45} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8c677779-4fd3-169d-ba8e-e71421ade371} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abe199e3-d9ff-9402-7cdb-478d4a6cb9d9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2b7baa3-33ad-6c59-40fc-fcc46f8f765e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f8f3ef62-9037-7ac7-5da5-bb03797e47e8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fa83f041-a1a7-96e9-9a0f-5bfec18c399d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\uagxble.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B7DJLPDO\725f[1].exe.vir (Backdoor.KeyStart) -> Quarantined and deleted successfully.

Re: Web hijacking & Program manager disabled

Unread postby dan12 » March 27th, 2009, 5:57 pm

Ok, that's good, how are things from account B now?

Re: Web hijacking & Program manager disabled

Unread postby Jay Thompson » March 27th, 2009, 6:31 pm

Looking much better. Thanks. Program manager and regedit are freed up. No hijacking going on. It's been quite a run, we appreciate it much.

I have one concern, in that at boot time, when we are typing in our passwords, the text doesn't type right away, there is a 3-5 second delay. Once the desktop blue shows up the icons seem to have a big delay also. Are any of these things to be concerned about?

Re: Web hijacking & Program manager disabled

Unread postby dan12 » March 27th, 2009, 7:07 pm

I don't believe it to be malware related.
When was the last time you defragged the system? Interesting article here for you

I'd like to see another scan to check a couple of things out for you.


DDS (Doesn't Do Squat)

Download DDS by sUBs to your desktop.
Your antivirus software might question the file. If it does, turn it off please :)
  • Double click DDS.scr to run it and wait for the scan to finish
  • When finished DDS.txt will open
  • A small while later, a prompt will open. Answer Yes
  • DDS will continue scanning
  • When done, Attach.txt will open
  • Post DDS.txt and attach Attach.txt

dan

Re: Web hijacking & Program manager disabled

Unread postby Jay Thompson » March 28th, 2009, 12:39 am

Here you go Dan...
Account B
DDS...followed by attach...

DDS (Ver_09-03-16.01) - NTFSx86
Run by Monique at 21:32:54.78 on Fri 03/27/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.595 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Online Armor Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\S4F\Filter7.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Monique\Desktop\dds.scr
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [S4F] c:\program files\s4f\Filter7.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\monique\startm~1\programs\startup\roller~1.lnk - c:\documents and settings\monique\local settings\temp\{413483a4-7be2-434b-920f-d2e8d0d63a19}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partne ... nicode.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resourc ... oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 3256666875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
TCP: {9D9E74DE-34BF-43FE-AFF9-317895B44F1D} = 68.94.156.1,68.94.157.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\monique\applic~1\mozilla\firefox\profiles\4eiiwaj3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/result ... ts.aspx?q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/result ... ts.aspx?q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {564B55A2-332B-48EA-B5D2-E710B98398E0} - c:\documents and settings\monique\local settings\application data\{564B55A2-332B-48EA-B5D2-E710B98398E0}
FF - HiddenExtension: XUL Cache: {0DF7585E-B3FA-493C-832B-389AFAE2C020} - c:\documents and settings\jay\local settings\application data\{0DF7585E-B3FA-493C-832B-389AFAE2C020}

============= SERVICES / DRIVERS ===============

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2003-3-23 9344]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-21 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-21 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-21 107912]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-3-21 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-3-21 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-3-21 28872]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-21 298264]
R2 MSSQL$XACTWARE;SQL Server (XACTWARE);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-9-7 29178224]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-3-21 1402568]
S2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2009-3-21 3321032]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2007-7-25 6016]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2003-3-23 445440]

=============== Created Last 30 ================

2009-03-27 11:27 <DIR> --d----- C:\ComboFix
2009-03-27 11:26 388,608 a------- c:\windows\system32\CF27833.exe
2009-03-27 11:26 388,608 a------- c:\windows\system32\cmd.execf
2009-03-26 21:47 <DIR> --d----- c:\docume~1\monique\applic~1\Malwarebytes
2009-03-26 08:47 <DIR> --d----- C:\_OTMoveIt
2009-03-24 10:30 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-24 08:40 <DIR> --d----- c:\docume~1\monique\applic~1\AVGTOOLBAR
2009-03-23 18:38 <DIR> --d----- c:\docume~1\monique\applic~1\OnlineArmor
2009-03-23 13:43 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-03-23 13:34 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-23 13:34 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-23 08:45 <DIR> --d----- c:\program files\PokerStars
2009-03-21 17:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OnlineArmor
2009-03-21 17:41 30,920 a------- c:\windows\system32\drivers\OAmon.sys
2009-03-21 17:41 28,872 a------- c:\windows\system32\drivers\OAnet.sys
2009-03-21 17:41 178,376 a------- c:\windows\system32\drivers\OADriver.sys
2009-03-21 17:41 <DIR> --d----- c:\program files\Tall Emu
2009-03-21 17:41 <DIR> --d----- C:\OnlineArmor
2009-03-21 15:30 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-21 15:30 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-21 15:30 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-21 15:30 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-21 15:29 <DIR> --d----- c:\program files\AVG
2009-03-21 15:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-17 16:21 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-17 16:21 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-17 16:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-17 16:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-17 12:49 <DIR> --d----- C:\cmdcons
2009-03-17 12:46 161,792 a------- c:\windows\SWREG.exe
2009-03-17 12:46 98,816 a------- c:\windows\sed.exe
2009-03-17 12:46 <DIR> --d----- C:\Combo-fix

==================== Find3M ====================

2008-07-21 20:08 100,888 a------- c:\docume~1\monique\applic~1\GDIPFONTCACHEV1.DAT
2004-07-26 13:22 483 a------- c:\program files\Shortcut to Broderbund.lnk
2004-07-26 13:22 473 a------- c:\program files\Shortcut to TurboTax.lnk
2002-08-29 04:00 94,784 -c-sh--- c:\windows\TWAIN.DLL
2004-08-04 00:56 50,688 ---sh--- c:\windows\twain_32.dll
2004-08-04 00:56 83,456 a--sh--- c:\windows\system32\olepro32.dll
2004-08-04 00:56 11,776 ---sh--- c:\windows\system32\regsvr32.exe

============= FINISH: 21:34:13.68 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/23/2003 7:44:28 PM
System Uptime: 3/27/2009 2:18:19 PM (7 hours ago)

Motherboard: Dell Computer Corporation | | 07W080
Processor: Intel(R) Celeron(R) CPU 1.80GHz | Socket 478 | 1794/400mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 12.796 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1938: 1/12/2009 4:26:36 PM - System Checkpoint
RP1939: 1/13/2009 8:42:52 PM - System Checkpoint
RP1940: 1/14/2009 8:46:10 PM - System Checkpoint
RP1941: 1/15/2009 12:25:52 PM - Last known good configuration
RP1942: 1/16/2009 1:02:56 PM - System Checkpoint
RP1943: 1/19/2009 3:56:37 PM - System Checkpoint
RP1944: 1/21/2009 10:45:44 AM - System Checkpoint
RP1945: 1/21/2009 11:56:31 AM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP1946: 1/22/2009 11:59:32 AM - System Checkpoint
RP1947: 1/23/2009 1:15:56 PM - System Checkpoint
RP1948: 1/24/2009 8:09:45 PM - System Checkpoint
RP1949: 1/25/2009 8:59:48 PM - System Checkpoint
RP1950: 1/27/2009 8:16:52 AM - System Checkpoint
RP1951: 1/27/2009 8:56:07 AM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP1952: 1/27/2009 9:00:17 AM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP1953: 1/28/2009 9:01:57 AM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP1954: 1/29/2009 1:26:48 PM - System Checkpoint
RP1955: 1/30/2009 2:39:42 PM - System Checkpoint
RP1956: 1/31/2009 6:33:25 PM - System Checkpoint
RP1957: 2/2/2009 8:37:30 AM - System Checkpoint
RP1958: 2/3/2009 9:44:29 AM - System Checkpoint
RP1959: 2/3/2009 10:08:11 PM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP1960: 2/3/2009 10:22:09 PM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP1961: 2/5/2009 4:23:48 PM - System Checkpoint
RP1962: 2/6/2009 4:59:18 PM - System Checkpoint
RP1963: 2/7/2009 9:39:25 PM - System Checkpoint
RP1964: 2/9/2009 8:01:53 AM - System Checkpoint
RP1965: 2/10/2009 9:27:02 AM - System Checkpoint
RP1966: 2/11/2009 4:08:12 PM - System Checkpoint
RP1967: 2/12/2009 4:20:50 PM - System Checkpoint
RP1968: 2/13/2009 4:52:13 PM - System Checkpoint
RP1969: 2/16/2009 10:48:19 AM - System Checkpoint
RP1970: 2/17/2009 11:43:37 AM - System Checkpoint
RP1971: 2/18/2009 1:55:04 PM - System Checkpoint
RP1972: 2/19/2009 5:49:11 PM - System Checkpoint
RP1973: 2/20/2009 8:47:12 PM - System Checkpoint
RP1974: 2/21/2009 8:53:44 PM - System Checkpoint
RP1975: 2/23/2009 9:50:45 AM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP1976: 2/24/2009 10:34:29 AM - System Checkpoint
RP1977: 2/25/2009 10:39:06 AM - System Checkpoint
RP1978: 2/26/2009 10:48:16 AM - System Checkpoint
RP1979: 3/17/2009 3:31:47 PM - ComboFix created restore point
RP1980: 3/18/2009 12:25:44 PM - ComboFix created restore point
RP1981: 3/19/2009 11:37:45 AM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP1982: 3/19/2009 11:39:29 AM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP1983: 3/19/2009 2:16:25 PM - ComboFix created restore point
RP1984: 3/20/2009 8:13:39 AM - Removed Ad-Aware SE Personal
RP1985: 3/20/2009 8:15:15 AM - Removed Avatar - Legends of The Arena.
RP1986: 3/20/2009 8:16:18 AM - Removed Avatar - Legends of The Arena.
RP1987: 3/20/2009 8:19:53 AM - Removed Riven
RP1988: 3/20/2009 8:20:49 AM - Removed The mystery of the mummy
RP1989: 3/21/2009 2:32:41 AM - ComboFix created restore point
RP1990: 3/21/2009 3:29:41 PM - Installed AVG Free 8.5
RP1991: 3/22/2009 10:28:10 AM - Avg8 Update
RP1992: 3/22/2009 9:32:45 PM - Removed Full Tilt Poker
RP1993: 3/22/2009 9:34:56 PM - Removed GameShadow
RP1994: 3/22/2009 9:36:32 PM - Removed Microsoft Money 2003
RP1995: 3/22/2009 9:37:46 PM - Removed Microsoft Money 2003 System Pack
RP1996: 3/23/2009 1:33:44 PM - Installed Java(TM) 6 Update 11
RP1997: 3/25/2009 1:48:45 AM - System Checkpoint
RP1998: 3/26/2009 8:40:32 AM - Avg8 Update
RP1999: 3/26/2009 8:42:07 AM - Avg8 Update
RP2000: 3/27/2009 9:37:02 AM - System Checkpoint

==== Installed Programs ======================

101 Languages of the World
3D Groove Playback Engine
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
Adventure Anniversary Pack
Ahead InCD EasyWrite Reader
American Greetings CreataCard
AnswerWorks 4.0 Runtime - English
Apple Mobile Device Support
Apple Software Update
AVG 8.5
Backyard Baseball 2003
Backyard Basketball
BACS
Banctec Service Agreement
Bonjour
Broadcom Advanced Control Suite
BroadJump Client Foundation
Bumper Wars
Camera Window
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities File Viewer Utility 1.3
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
ClickArt® 10,000 Image Pack
ClickArt® Gallery
ClueFinders 6th Grade Adventures
Color@Home II
Conexant SmartHSFi V92 56K DF PCI Modem
CyberSky
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support
Digital Line Detect
Easy CD & DVD Creator 6
Easy Chef's Million Recipes
ESET Online Scanner
File Viewer Utility 1.3.2
FilterPak for Windows
GameSpy Arcade
Generic color icon driver
Google Updater
HedgeBuilders Internet Filtering
Help and Support Customization
HijackThis 2.0.2
hp instant support
hp officejet d series
HP Photo Printing Software
HP Share-to-Web
InCD (Ahead Software)
Intel(R) Extreme Graphics Driver
InterActual Player
ItsDeductible Express
iTunes
Java(TM) 6 Update 11
Journey to the Center of the Earth
Kaspersky Online Scanner
Kid Pix Deluxe 3
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Office XP Standard for Students and Teachers
Microsoft Picture It! Photo 7.0
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (XACTWARE)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Desktop Engine
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Streets and Trips 2002
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft Zoo Tycoon
Mobile Link
MobileMe Control Panel
Modem Helper
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Myst Masterpiece Edition
Myst Uru - Complete Chronicles
Myst V End Of Ages
Nero OEM
NeroMediaPlayer
NeroVision Express
NiBiRu
NTI Backup NOW! Deluxe
Online Armor 3.0
Paint Shop Pro 7
Paradise - Update 1.1
Passport to 35 Languages
PhotoStitch
Picasa 3
PokerGirls - DemoGirl
PokerStars
QuickBooks Pro 2005
QuickTime
RAW Image Task
RealPlayer
RemoteCapture 2.7.5
RemoteCapture Task
Return to Mysterious Island
Rhapsody Player Engine
Rhem2_E
Riddle of the Sphinx 2.0
RollerCoaster Tycoon 3
SATMath
SATMath (C:\Program Files\SATMath\)
SATMath (C:\Program Files\SATMath\) #3
SATMath (C:\Program Files\SATMath\) #4
Scholastic's I SPY Treasure Hunt
SCRABBLE
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Shockwave
SoundMAX
Stitch's Blazing Lasers
Super Collapse! 3
The Worksite CD - Summer 2004 Edition
TurboTax 2002
TurboTax Home & Business 2006
TurboTax Home & Business 2007
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
TurboTax Premier 2004
TurboTax Premier 2005
TurboTax Premier Home & Business 2003
UHS Reader (Version 5.10)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Viewpoint Media Player
WebEx
WebFldrs XP
WexTech AnswerWorks
Windows Communication Foundation
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WordSmart Vocabulary
Works Suite OS Pack
XactRemodel
XactRemodel 2.0
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/21/2009 6:59:58 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: Access is denied.
3/21/2009 6:59:58 PM, error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector service which failed to start because of the following error: Access is denied.
3/21/2009 6:59:58 PM, error: Service Control Manager [7000] - The WebDav Client Redirector service failed to start due to the following error: Access is denied.
3/21/2009 5:23:00 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
3/21/2009 5:20:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/21/2009 5:10:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 cdudf_xp Fips Processor
3/21/2009 4:25:05 PM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 000874C5E40E has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
3/21/2009 4:23:13 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{9D9E74DE-34BF-43FE-AFF9-317895B44F1D} because another computer on the network has the same name. The server could not start.
3/20/2009 8:12:45 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/21/2009 6:59:58 PM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: Access is denied.
3/21/2009 6:59:58 PM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: Access is denied.
3/21/2009 6:59:58 PM, error: Service Control Manager [7023] - The Server service terminated with the following error: Access is denied.
3/21/2009 6:59:58 PM, error: Service Control Manager [7000] - The SQL Server (XACTWARE) service failed to start due to the following error: Access is denied.
3/21/2009 6:59:58 PM, error: Service Control Manager [7000] - The MSSQLSERVER service failed to start due to the following error: Access is denied.
3/21/2009 6:59:58 PM, error: Service Control Manager [7000] - The Online Armor Helper Service service failed to start due to the following error: Access is denied.
3/21/2009 6:59:58 PM, error: Service Control Manager [7000] - The Secdrv service failed to start due to the following error: Access is denied.
3/21/2009 6:59:58 PM, error: Service Control Manager [7000] - The SQL Server VSS Writer service failed to start due to the following error: Access is denied.
3/21/2009 6:59:58 PM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: Access is denied.
3/21/2009 6:59:58 PM, error: Service Control Manager [7000] - The Windows User Mode Driver Framework service failed to start due to the following error: Access is denied.
3/21/2009 6:59:58 PM, error: Service Control Manager [7000] - The WMDM PMSP Service service failed to start due to the following error: Access is denied.
3/21/2009 6:59:58 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: Access is denied.
3/21/2009 7:00:01 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
3/21/2009 7:00:04 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/21/2009 7:00:08 PM, error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: Access is denied.
3/21/2009 7:00:08 PM, error: Service Control Manager [7001] - The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: Access is denied.
3/21/2009 7:00:11 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: Access is denied.
3/21/2009 8:36:09 PM, error: DCOM [10000] - Unable to start a DCOM Server: {4CD40054-9865-47B2-A16C-1BD17DA4AAD9}. The error: "%5" Happened while starting this command: C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe -Embedding
3/21/2009 8:48:20 PM, error: DCOM [10000] - Unable to start a DCOM Server: {72278E83-B0EF-4E49-9E10-6947602C1030}. The error: "%5" Happened while starting this command: "C:\Program Files\QuickTime\QTSystem\ExportController.exe" -Embedding
3/23/2009 6:30:34 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/24/2009 10:52:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SQL Server (XACTWARE) service to connect.
3/24/2009 10:52:30 AM, error: Service Control Manager [7000] - The SQL Server (XACTWARE) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/25/2009 8:42:05 AM, error: DCOM [10000] - Unable to start a DCOM Server: {43F70AD5-76D5-42DB-90E0-249BCCCC84E6}. The error: "%5" Happened while starting this command: "C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe" -Embedding
3/26/2009 8:50:36 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'avgcfgx.dll.old' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
3/26/2009 9:31:21 AM, error: DCOM [10000] - Unable to start a DCOM Server: {9E14B23B-5D8A-447F-B962-6D6D6897861E}. The error: "%5" Happened while starting this command: "C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgMgr.exe" -Embedding
3/27/2009 12:23:40 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for ImagePath with the following error: Access is denied.

==== End Of File ===========================
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm

Re: Web hijacking & Program manager disabled

by dan12 » March 28th, 2009, 4:21 pm

Optional Fix

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything bad. This may change; read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself.

To uninstall the Viewpoint components:
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.


    How to prevent it from being recreated every time you run the AOL software:
    • Open AOL
    • Go to Help on the toolbar
    • Select About AOL
    • Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.



Start > Run, type appwiz.cpl and click OK.

Uninstall the following:

Java(TM) 6 Update 11

Now close Control Panel.


Download and Update Java Runtime
The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 13.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 13 about half way down the page and click on the Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says jre-6u12-windows-i586-p.exe and save the downloaded file to your desktop.
  • Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.
  • Uncheck the Toolbar button (unless you want the toolbar)
  • Reboot your computer

Post a fresh HJT log

Re: Web hijacking & Program manager disabled

by Jay Thompson » March 28th, 2009, 5:55 pm

Thanks Dan...Viewpoint is Gone.

Did the Java stuff

Here is the latest HJT log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:53 PM, on 3/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\S4F\Filter7.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Monique\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [S4F] C:\Program Files\S4F\Filter7.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Monique\Local Settings\Temp\{413483A4-7BE2-434B-920F-D2E8D0D63A19}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3256666875
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D9E74DE-34BF-43FE-AFF9-317895B44F1D}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 7584 bytes
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm

Re: Web hijacking & Program manager disabled

Unread postby Jay Thompson » March 29th, 2009, 2:21 am

Hey Dan.
Please see my previous post, it has the HJT log following your last assignments you gave me.

I did a defrag to see if it would help with the boot time issues...
Here is the log from that...

Volume (C:)
Volume size = 55.87 GB
Cluster size = 4 KB
Used space = 39.47 GB
Free space = 16.40 GB
Percent free space = 29 %

Volume fragmentation
Total fragmentation = 6 %
File fragmentation = 13 %
Free space fragmentation = 0 %

File fragmentation
Total files = 130,632
Average file size = 514 KB
Total fragmented files = 11
Total excess fragments = 49,924
Average fragments per file = 1.38

Pagefile fragmentation
Pagefile size = 384 MB
Total fragments = 3

Folder fragmentation
Total folders = 12,723
Fragmented folders = 1
Excess folder fragments = 0

Master File Table (MFT) fragmentation
Total MFT size = 200 MB
MFT record count = 144,888
Percent MFT in use = 70 %
Total MFT fragments = 4

--------------------------------------------------------------------------------
Fragments File Size Files that cannot be defragmented
48 327 MB \Program Files\JoWood\Tunguska\music.spr
359 364 MB \Program Files\JoWood\Nibiru\gfx1.grp
121 409 MB \Program Files\JoWood\Nibiru\gfx4.grp
48,667 680 MB \Program Files\S4F\debug.txt
557 1.10 GB \Program Files\JoWood\Nibiru\gfx2.grp
153 1.26 GB \Program Files\JoWood\Tunguska\video.spr
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm

Re: Web hijacking & Program manager disabled

Unread postby dan12 » March 29th, 2009, 6:23 am

Account B

You still use.. Background Intelligent Transfer Service ( bits ) any problems?

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)


O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Monique\Local Settings\Temp\{413483A4-7BE2-434B-920F-D2E8D0D63A19}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit

Post a further HJT report from this account.




Now open Account A

CLEAN UP
Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if used inappropriately.


The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u




  • Double-click OTMoveIt3.exe. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.


dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Web hijacking & Program manager disabled

Unread postby Jay Thompson » March 29th, 2009, 12:15 pm

Not sure about BITS. I saw it in Windows/system32/ and did a bit of reading on it, but I am not sure what I may have installed that used it. Looks like it is exposed. What should I do? How can I delete it if I need to? What do you recommend?

I will work on my account next.

Here is the newest HJT log after the last deletion...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:06 AM, on 3/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\S4F\Filter7.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Monique\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [S4F] C:\Program Files\S4F\Filter7.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3256666875
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D9E74DE-34BF-43FE-AFF9-317895B44F1D}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 7386 bytes
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm

Re: Web hijacking & Program manager disabled

Unread postby dan12 » March 29th, 2009, 5:18 pm

Have you carried out the clean up on account A yet? :)
Let me know when carried out.
dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Web hijacking & Program manager disabled

Unread postby Jay Thompson » March 29th, 2009, 9:01 pm

Yes. I still have atf-cleaner, HJT, dds.scr, javara, spybotsd14.exe, system_look, something called fixwareout, and the java 13 install exe. Should they be deleted also, or can they hang?
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm