combofix.txt
ComboFix 11-03-10.02 - avflink 12/03/2011 10:24:03.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.60.1033.18.1013.484 [GMT 8:00]
Running from: c:\users\avflink\Documents\aIDM\Programs\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\avflink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe
c:\users\avflink\AppData\Roaming\Microsoft\Windows\Templates\cdkeys.txt
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-12 to 2011-03-12 )))))))))))))))))))))))))))))))
.
.
2011-03-12 02:38 . 2011-03-12 02:59 -------- d-----w- c:\users\avflink\AppData\Local\temp
2011-03-12 02:38 . 2011-03-12 02:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-03-12 02:38 . 2011-03-12 02:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-12 00:16 . 2011-03-12 00:16 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-03-11 02:02 . 2011-03-11 02:02 -------- d-----w- c:\program files\ESET
2011-03-10 16:17 . 2010-12-20 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-10 16:17 . 2011-03-10 16:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2011-03-10 16:17 . 2010-12-20 10:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-10 05:52 . 2011-03-10 05:52 -------- d-----w- c:\users\avflink\AppData\Roaming\SUPERAntiSpyware.com
2011-03-10 05:52 . 2011-03-10 05:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-03-10 05:52 . 2011-03-10 05:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-07 07:50 . 2011-03-07 07:50 -------- d-----w- c:\users\avflink\AppData\Local\stub
2011-03-05 16:41 . 2011-03-05 16:41 -------- d-----w- c:\users\avflink\AppData\Local\ODUI
2011-03-05 16:38 . 2011-03-05 16:38 -------- dc-h--w- c:\programdata\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2011-03-05 16:13 . 2011-03-05 16:13 -------- d-----w- c:\users\avflink\AppData\Roaming\Stardock
2011-03-05 07:37 . 2011-03-05 12:42 -------- d-----w- c:\programdata\PC Tools
2011-03-04 20:49 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF6C4425-582F-4916-BFD2-D3A0E5960256}\mpengine.dll
2011-03-04 13:01 . 2011-03-04 13:01 -------- d-----w- c:\programdata\Start Orb Manager
2011-03-04 13:01 . 2009-10-31 05:45 2030592 ----a-w- c:\windows\explorer_backup.exe
2011-03-04 11:57 . 2011-03-04 11:57 -------- d-----w- c:\program files\nCube
2011-03-04 07:21 . 2011-03-11 13:17 -------- d-----w- c:\programdata\WinZip
2011-03-02 05:16 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-03-02 05:13 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-03-01 15:24 . 2011-03-01 15:24 -------- d-----w- c:\users\avflink\AppData\Local\Winamp Toolbar
2011-03-01 05:26 . 2011-03-12 02:41 -------- d-----w- c:\windows\system32\wbem\repository
2011-02-28 07:41 . 2011-03-01 05:18 -------- d-----w- c:\users\avflink\AppData\Local\SRS Labs
2011-02-28 07:41 . 2011-02-28 07:41 -------- d-----w- c:\programdata\SRS Labs
2011-02-28 07:08 . 2011-02-28 07:08 98304 ----a-w- c:\program files\Windows Media Player\wmpband.dll
2011-02-27 03:35 . 2011-02-27 03:35 -------- d-----w- c:\users\avflink\AppData\Roaming\Activision
2011-02-27 03:35 . 2011-02-27 03:35 -------- d-----w- c:\programdata\Activision
2011-02-26 01:01 . 2011-02-26 01:01 -------- d-----w- c:\users\avflink\New folder
2011-02-23 12:04 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 09:59 . 2011-03-11 11:08 -------- d-----w- c:\users\avflink\AppData\Roaming\IDM
2011-02-23 09:59 . 2011-02-23 09:59 -------- d-----w- c:\program files\Internet Download Manager
2011-02-23 08:58 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 08:58 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 09:49 . 2011-03-01 05:14 -------- d-----w- c:\program files\Feedback Tool
2011-02-21 16:19 . 2010-06-07 06:59 57904 ----a-w- c:\windows\system32\wbload.dll
2011-02-21 16:19 . 2008-04-26 07:14 42672 ----a-w- c:\windows\system32\wbsys.dll
2011-02-21 12:53 . 2011-02-21 12:51 131584 ----a-w- c:\windows\system32\sndrec32.exe
2011-02-18 09:19 . 2011-02-18 09:19 -------- d-----w- c:\programdata\ParetoLogic
2011-02-18 09:18 . 2011-02-18 09:18 -------- d-----w- c:\programdata\Cached Installations
2011-02-17 00:50 . 2011-02-18 08:47 -------- d-----w- c:\users\avflink\AppData\Local\Dexter the Game
2011-02-17 00:38 . 2011-03-01 05:14 -------- d-----w- c:\program files\Icarus Studios, Inc
2011-02-14 09:59 . 2011-02-14 09:59 -------- d-----w- c:\users\avflink\AppData\Roaming\Lonely Troops
2011-02-14 09:53 . 2011-02-14 09:53 -------- d-----w- c:\programdata\Funny Bear Studio
2011-02-14 09:38 . 2011-03-03 15:25 -------- d-----w- c:\programdata\FarmFrenzy2
2011-02-14 09:37 . 2011-03-03 15:28 -------- d-----w- c:\program files\MyPlayCity.com
2011-02-12 07:15 . 2011-02-12 07:15 -------- d-----w- c:\programdata\Wondershare
2011-02-12 07:12 . 2011-03-01 05:15 -------- d-----w- c:\program files\Wondershare
2011-02-12 00:21 . 2011-03-01 05:14 -------- d-----w- c:\program files\IObit Toolbar
2011-02-12 00:21 . 2011-02-12 00:21 -------- d-----w- c:\program files\Application Updater
2011-02-11 15:52 . 2011-02-11 15:52 -------- d-----w- c:\program files\Memory Washer
2011-02-10 14:51 . 2011-03-01 05:14 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-02-10 14:51 . 2011-03-01 05:14 -------- d-----w- c:\program files\Common Files\SRS Labs
2011-02-10 14:51 . 2011-03-01 05:15 -------- d-----w- c:\program files\SRS Labs
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 03:10 . 2010-06-24 03:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 10:27 . 2010-08-14 00:37 22032896 ----a-w- c:\windows\system32\imageres.dll
2011-02-03 05:45 . 2011-02-09 05:34 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 09:11 . 2010-06-01 17:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-25 10:40 . 2011-02-01 14:37 85768 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-01-07 07:27 . 2011-02-09 05:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 05:36 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 03:37 . 2011-02-09 05:36 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38 . 2011-02-09 05:37 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38 . 2011-02-09 05:37 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38 . 2011-02-09 05:37 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38 . 2011-02-09 05:37 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38 . 2011-02-09 05:37 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38 . 2011-02-09 05:37 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38 . 2011-02-09 05:37 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36 . 2011-02-09 05:37 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36 . 2011-02-09 05:37 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34 . 2011-02-09 05:37 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29 . 2011-02-09 05:36 541184 ----a-w- c:\windows\system32\kerberos.dll
.
.
------- Sigcheck -------
.
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[-] 2009-10-31 . A58FEBE1AFC2D72E803AFAD51BA4F3AF . 2131456 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[-] 2009-10-31 . 980572BCDB38D1E54DF473D2C6F8CE62 . 2131456 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2009-02-16 1882136]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2009-02-16 22:44 1882136 ----a-w- c:\program files\ToggleEN\tbTogg.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 07:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-01-13 04:16 64000 ----a-w- c:\users\avflink\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-11-29 07:26 3908192 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 22:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-12-31 03:53 2349080 ----a-w- c:\program files\free-downloads.net\tbfree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2010-09-26 09:31 141568 ----a-w- c:\progra~1\DAP\dapieloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2009-02-16 1882136]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2009-02-16 1882136]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ID M Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-01-25 10:40 67680 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MegakeyUpdater"="c:\users\avflink\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe" [2011-01-13 64000]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-07-21 198864]
"SRSHDAudioLab"="c:\program files\SRS Labs\SRS HD Audio Lab\HDAL.exe" [2010-12-01 546816]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-10 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-21 2068480]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]
.
c:\users\avflink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-3-6 4142448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-12 91136]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 15:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-22 20:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2009-07-22 21:40 83336 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 17:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 16:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Q-Face agent]
2008-12-16 01:52 20792 ----a-w- c:\program files\MSI\MSI Q-Face\WebTest.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MAGIX StartUp Analyze Service;MAGIX StartUp Analyze Service;c:\program files\MAGIX\PC_Check_Tuning_2011_Download_Version\MXSAS.exe [2010-11-18 196096]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [2009-08-24 406016]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FLASHSYS;FLASHSYS; [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [2010-05-10 22328]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [2010-05-10 25912]
R3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [2010-05-10 16696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-04-28 3555568]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [2009-01-18 3567]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [2010-09-13 12592]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-01 1343400]
S0 DiskSec;Magix Volume Filter Driver; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-10 420920]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSIB717.tmp [2010-12-05 86016]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-01-25 85768]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\DRIVERS\MSILiveVirtualCamera.sys [2007-01-29 449408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-10-26 322664]
S3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [2010-07-02 384752]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-09 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2011-01-23 06:11]
.
2011-03-09 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2011-01-23 08:19]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=93.86.162.100:8080;ftp=93.86.162.100:8080;https=93.86.162.100:8080;
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Capture Web Page - c:\users\avflink\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download ALL with IDA - c:\program files\IDA\idaieall.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download remotely with IDA - c:\program files\IDA\remdown.htm
IE: Download with IDA - c:\program files\IDA\idaie.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fetch to Megaupload - c:\users\avflink\AppData\Local\Megamedia\Megakey\MegaUpload.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
LSP: c:\programdata\Megamedia\Megakey\msadm.dll
TCP: {593B376E-676F-48D9-A12E-62FDA99F37BD} = 202.188.0.133,202.188.1.5
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\avflink\AppData\Roaming\Mozilla\Firefox\Profiles\2czp8mth.Firefox3\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - free-downloads.net Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - prefs.js: keyword.URL - hxxp://malaysia.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: XJZ Survey Remover: survey-remover@gmx.com - %profile%\extensions\survey-remover@gmx.com
FF - Ext: Add N Edit Cookies: {038dc421-b19e-4711-a218-1fd10de9163b} - %profile%\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\DAP\DAPFireFox
FF - Ext: MegaKey: {1D3DB383-DB45-45b2-9F46-91218CA2CBCB} - c:\users\avflink\AppData\Local\Megamedia\Megakey\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\avflink\AppData\Roaming\IDM\idmmzcc3
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSIB717.tmp\" -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1517447009-2668293335-1708370260-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44164FB2-EE55-C560-BF4F-B823942BC67E}*]
"hanbphdeelogcmga"=hex:6b,61,69,6a,65,6c,69,6a,68,67,63,6c,6c,6f,66,67,65,6a,
62,70,69,69,00,00
.
[HKEY_USERS\S-1-5-21-1517447009-2668293335-1708370260-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAFA642D-4D62-DB26-5DAF-71AAF11AE732}*]
@Allowed: (Read) (RestrictedCode)
"fapbpmemdgdd"=hex:66,61,6b,62,64,67,66,6a,67,69,6d,6a,00,ff
.
[HKEY_USERS\S-1-5-21-1517447009-2668293335-1708370260-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F990C899-1F76-80FE-6C7F-7E26270AD21D}*]
@Allowed: (Read) (RestrictedCode)
"abnmkilkelhdamplholbichklefeaponif"=hex:6b,61,6f,64,6e,69,67,64,64,6d,64,6f,
62,63,70,61,67,6a,64,63,64,69,00,00
"palcalmfpmeldhbkjibjlcceondpkjll"=hex:6b,61,6f,64,6e,69,67,64,64,6d,64,6f,62,
63,70,61,67,6a,64,63,64,69,00,00
.
[HKEY_USERS\S-1-5-21-1517447009-2668293335-1708370260-1000_Classes\CLSID\{09fad736-a6cd-4ebb-bdf0-6bbbdc9ba508}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000103
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,e6,4e,41,10,c4,2c,98,b2,df,7b,ad,34,74,cf,94,30,42,2d,58,8e,14,1a,\
.
[HKEY_USERS\S-1-5-21-1517447009-2668293335-1708370260-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):32,2c,b5,c1,19,04,09,26,8b,fd,65,d8,69,74,64,d8,e8,bf,40,43,81,
1f,19,5e,00,3f,32,91,f3,95,0f,d4,43,83,8c,b1,7e,9d,2d,96,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1517447009-2668293335-1708370260-1000_Classes\CLSID\{64f0b0da-4b97-4504-94d4-ff83482c0658}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000038
"Therad"=dword:0000001d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-1517447009-2668293335-1708370260-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):c5,99,62,4a,07,f0,eb,2e,eb,ec,0e,eb,2f,46,06,65,6f,97,c8,38,72,
c4,83,f4,bf,d5,f9,fd,5c,b9,be,4c,f2,96,b8,03,3b,eb,2b,48,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3244)
c:\program files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2011-03-12 11:04:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-12 03:04
ComboFix2.txt 2011-03-11 12:24
.
Pre-Run: 31,885,910,016 bytes free
Post-Run: 31,832,518,656 bytes free
.
- - End Of File - - 176DEC84EE1A00C72122BE4579113B3F
==========
combofix-quarantined-file.txt
2011-03-12 01:37:09 . 2011-02-26 15:11:26 175,104 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe.vir
2011-03-12 00:27:10 . 2011-03-12 00:38:45 5,263 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\Microsoft\Windows\Templates\cdkeys.txt.vir
2011-03-11 12:21:31 . 2011-03-11 12:21:31 478 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-GetAmped2_US.reg.dat
2011-03-11 12:21:30 . 2011-03-11 12:21:30 1,258 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Dexter The Game.reg.dat
2011-03-11 12:19:00 . 2011-03-11 12:19:00 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-My Web Search Bar Search Scope Monitor.reg.dat
2011-03-11 12:18:46 . 2011-03-11 12:18:46 434 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-WBSrv.reg.dat
2011-03-11 12:17:31 . 2011-03-11 12:17:31 168 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-cacaoweb.reg.dat
2011-03-11 12:17:30 . 2011-03-11 12:17:30 166 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{9AE343CB-BA45-4618-AF6A-0230EE6FC793}.reg.dat
2011-03-11 12:17:29 . 2011-03-11 12:17:29 166 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}.reg.dat
2011-03-11 12:17:09 . 2011-03-11 12:17:09 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2011-03-11 12:04:45 . 2011-03-11 12:04:45 1,128 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_MyWebSearchService.reg.dat
2011-03-11 12:04:12 . 2011-03-12 02:34:16 7,672 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-03-11 11:52:31 . 2011-03-12 02:24:03 274 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-03-01 04:24:23 . 2011-03-01 04:24:28 1,724 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\00094C6A.bin.vir
2011-03-01 04:24:22 . 2011-03-01 04:24:23 1,620 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\00094A0A.bmp.vir
2011-03-01 04:24:21 . 2011-03-01 04:24:22 215 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\000943A4.vir
2011-03-01 04:24:21 . 2011-03-01 04:24:21 1,024 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\History\search3.vir
2011-03-01 04:24:21 . 2011-03-01 04:24:20 56,521 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm.vir
2011-03-01 04:24:15 . 2011-03-01 04:24:20 56,521 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Cache\00092C9B.vir
2011-01-30 09:07:23 . 2011-01-30 09:07:23 0 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\cacaoweb\ad1873C64B.ad.vir
2011-01-30 05:55:14 . 2011-01-30 06:03:42 27 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\cacaoweb\adstorage.db.vir
2011-01-30 05:55:14 . 2011-01-30 09:07:44 25 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\cacaoweb\storage.db.vir
2011-01-30 05:55:09 . 2011-01-30 06:03:37 346,864 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\cacaoweb\cacaoweb.exe.vir
2011-01-28 09:36:34 . 2011-01-28 09:36:34 726,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 24 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings\s_pid.dat.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 12,782 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 7,406 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\WB.ICO.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 7,406 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\SMILEY.ICO.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 10,134 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\PSS.ICO.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 7,406 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\MFC.ICO.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 7,406 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\icons\CM.ICO.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 56,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\REVERSI.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 66,726 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\CHESS.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 56,438 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 113,081 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 243,509 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 149,817 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 155,471 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 43,287 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 122,747 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\MAID.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 272,367 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 129,559 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 106,998 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\FISH.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 71,675 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\DOG.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 301,118 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 87,778 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 330,710 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Message\COMMON.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 89,655 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S.vir
2011-01-28 06:19:36 . 2011-01-28 06:19:36 3,844 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR.vir
2011-01-28 06:19:31 . 2011-01-28 06:19:29 32,768 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\f3PSSavr.scr.vir
2011-01-28 06:19:30 . 2011-01-28 06:19:30 28,762 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir
2011-01-28 06:19:30 . 2011-01-28 06:19:30 796,176 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir
2011-01-28 06:19:30 . 2011-01-28 06:19:30 77,913 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3TPINST.DLL.vir
2011-01-28 06:19:30 . 2011-01-28 06:19:30 32,768 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 57,447 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 73,813 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 155,738 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 16,500 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 16,479 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 28,672 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 86,078 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 16,501 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 715 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\INSTALL.RDF.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 3,343 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 20,480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 305 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 5,446 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 24,576 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 28,776 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 32,768 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 32,856 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 77,906 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 278,610 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 86,096 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 139,264 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 139,130 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG.vir
2011-01-28 06:19:29 . 2011-01-28 06:19:29 133 ----a-w- C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\CHROME.MANIFEST.vir
2010-12-29 14:22:43 . 2010-12-29 14:28:44 122 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi.vir
2010-12-29 14:22:43 . 2010-12-29 14:28:44 1,471 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi.vir
2010-12-29 14:22:42 . 2010-12-29 14:28:46 269 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\Local\Temp\DDM\Settings\.ddr.vir
2010-12-29 14:22:20 . 2010-12-29 14:22:20 7,716,864 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp.vir
2010-12-29 08:23:25 . 2010-12-29 08:23:25 316 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk.vir
2010-12-29 08:23:25 . 2010-12-29 08:23:25 348 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk.vir
2010-12-29 08:23:25 . 2010-12-29 08:23:25 384 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk.vir
2010-12-29 08:03:34 . 2010-12-29 09:21:04 33 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr.vir
2010-12-29 08:03:31 . 2010-12-29 08:06:18 4,199,082 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx.vir
2010-12-11 07:16:00 . 2010-12-11 07:16:01 75,473 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\explorer\pic\Img1.jpeg.vir
2010-12-11 07:00:36 . 2010-12-11 07:00:36 100,941 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\explorer\pic\Img%.jpeg.vir
2010-12-11 07:00:36 . 2010-12-11 07:00:36 48 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\explorer\melt.txt.vir
2010-12-11 07:00:31 . 2010-12-11 07:00:31 4,499 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\explorer\cd.txt.vir
2010-12-11 07:00:30 . 2010-12-11 07:00:30 0 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\explorer\Decrypt.txt.vir
2010-11-21 01:25:53 . 2010-11-21 01:25:53 51 ----a-w- C:\Qoobox\Quarantine\C\autorun.inf.vir
2010-11-21 01:24:55 . 2011-03-09 03:10:58 53,248 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\chrtmp.vir
2009-07-13 23:34:20 . 2009-07-14 01:14:43 26,112 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\userinit.exe.vir
2006-02-26 23:40:21 . 2006-02-26 23:40:21 15 ----a-w- C:\Qoobox\Quarantine\C\Users\avflink\AppData\Roaming\logs.dat.vir
2005-07-06 16:41:12 . 2005-07-06 16:41:12 98,343 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\14_43260.dll.vir
2005-07-06 16:41:12 . 2005-07-06 16:41:12 57,383 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\28_83260.dll.vir
========
This report is from VirusTotal:
c:\program files\superantispyware\keygen.exe
Antivirus | Version | Last Update | Result
AhnLab-V3 | 2011.03.15.02 | 2011.03.15 | -
AntiVir | 7.11.4.204 | 2011.03.15 | -
Antiy-AVL | 2.0.3.7 | 2011.03.15 | -
Avast | 4.8.1351.0 | 2011.03.14 | -
Avast5 | 5.0.677.0 | 2011.03.14 | -
BitDefender | 7.2 | 2011.03.15 | -
CAT-QuickHeal | 11.00 | 2011.03.15 | -
ClamAV | 0.96.4.0 | 2011.03.14 | -
Commtouch | 5.2.11.5 | 2011.03.15 | -
Comodo | 7987 | 2011.03.15 | -
DrWeb | 5.0.2.03300 | 2011.03.15 | -
Emsisoft | 5.1.0.2 | 2011.03.15 | HackTool.Win32.Ke!IK
eSafe | 7.0.17.0 | 2011.03.14 | -
eTrust-Vet | 36.1.8216 | 2011.03.15 | -
F-Prot | 4.6.2.117 | 2011.03.15 | -
F-Secure | 9.0.16440.0 | 2011.03.14 | -
Fortinet | 4.2.254.0 | 2011.03.15 | -
GData | 21 | 2011.03.15 | -
Ikarus | T3.1.1.97.0 | 2011.03.15 | HackTool.Win32.Ke
Jiangmin | 13.0.900 | 2011.03.15 | -
K7AntiVirus | 9.93.4109 | 2011.03.15 | -
Kaspersky | 7.0.0.125 | 2011.03.15 | -
McAfee | 5.400.0.1158 | 2011.03.15 | Artemis!F75852775406
McAfee-GW-Edition | 2010.1C | 2011.03.15 | Artemis!F75852775406
Microsoft | 1.6603 | 2011.03.15 | HackTool:Win32/Keygen
NOD32 | 5953 | 2011.03.14 | -
Norman | 6.07.03 | 2011.03.14 | -
nProtect | 2011-02-10.01 | 2011.02.15 | -
Panda | 10.0.3.5 | 2011.03.14 | -
PCTools | 7.0.3.5 | 2011.03.11 | -
Prevx | 3.0 | 2011.03.15 | -
Rising | 23.49.01.03 | 2011.03.15 | -
Sophos | 4.63.0 | 2011.03.15 | -
SUPERAntiSpyware | 4.40.0.1006 | 2011.03.15 | -
Symantec | 20101.3.0.103 | 2011.03.15 | WS.Reputation.1
TheHacker | 6.7.0.1.150 | 2011.03.15 | -
TrendMicro | 9.200.0.1012 | 2011.03.15 | -
TrendMicro-HouseCall | 9.200.0.1012 | 2011.03.15 | -
VBA32 | 3.12.14.3 | 2011.03.14 | -
VIPRE | 8708 | 2011.03.15 | -
ViRobot | 2011.3.15.4357 | 2011.03.15 | -
VirusBuster | 13.6.249.3 | 2011.03.14 | -
Additional information
MD5 : f75852775406d209ed523458792f796d
SHA1 : c366e4d6c8682f2603dce42504b63a6a310222ac
SHA256: d93fade6e6e760d028bebd23335fcf0bf1c84dd8321c2e9f2a8024be7050f4b7
ssdeep: 6144:hRAjFBlDyLrM2/YuPIaE4IgxwZ/A4hOt2PNvuO:AlDyLrMDkQv6in
File size : 266240 bytes
First seen: 2010-01-02 22:12:18
Last seen : 2011-03-15 08:11:54
TrID:
UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
sigcheck:
publisher....: AT4RE
copyright....:
product......:
description..: Prince _ AT4RE
original name:
internal name:
file version.: 2.0.0.0
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers (F-Prot): UPX
packers (Kaspersky): UPX
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0xD0DE0
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype......: 0x14c (I386)
[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
UPX0, 0x1000, 0x93000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
UPX1, 0x94000, 0x3D000, 0x3D000, 7.92, eb83bc5a278dc67cbd3bdefc1215a1a1
.rsrc, 0xD1000, 0x4000, 0x3C00, 4.66, 2a436db29540a70cb46eeff7ad85fc20
[[ 9 import(s) ]]
KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
advapi32.dll: RegFlushKey
comctl32.dll: ImageList_Add
comdlg32.dll: ChooseColorA
gdi32.dll: SaveDC
ole32.dll: CoInitialize
oleaut32.dll: VariantCopy
user32.dll: GetDC
version.dll: VerQueryValueA
ExifTool:
file metadata
CharacterSet: Windows, Latin1
CodeSize: 249856
Comments:
CompanyName: AT4RE
EntryPoint: 0xd0de0
FileDescription: Prince | AT4RE
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 260 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 2.0.0.0
FileVersionNumber: 1.0.0.0
ImageVersion: 0.0
InitializedDataSize: 16384
InternalName:
LanguageCode: English (U.S.)
LegalCopyright:
LegalTrademarks:
LinkerVersion: 2.25
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename:
PEType: PE32
ProductName:
ProductVersion: 1.0.0.0
ProductVersionNumber: 1.0.0.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 1992:06:20 00:22:17+02:00
UninitializedDataSize: 602112
==============
c:\windows\prefetch\crack.exe-0dad9529.pf
Antivirus | Version | Last Update | Result
AhnLab-V3 | 2011.03.15.02 | 2011.03.15 | -
AntiVir | 7.11.4.204 | 2011.03.15 | -
Antiy-AVL | 2.0.3.7 | 2011.03.15 | -
Avast | 4.8.1351.0 | 2011.03.14 | -
Avast5 | 5.0.677.0 | 2011.03.14 | -
AVG | 10.0.0.1190 | 2011.03.14 | -
BitDefender | 7.2 | 2011.03.15 | -
CAT-QuickHeal | 11.00 | 2011.03.15 | -
ClamAV | 0.96.4.0 | 2011.03.14 | -
Commtouch | 5.2.11.5 | 2011.03.15 | -
Comodo | 7987 | 2011.03.15 | -
DrWeb | 5.0.2.03300 | 2011.03.15 | -
Emsisoft | 5.1.0.2 | 2011.03.15 | -
eSafe | 7.0.17.0 | 2011.03.14 | -
eTrust-Vet | 36.1.8216 | 2011.03.15 | -
F-Prot | 4.6.2.117 | 2011.03.15 | -
F-Secure | 9.0.16440.0 | 2011.03.14 | -
Fortinet | 4.2.254.0 | 2011.03.15 | -
GData | 21 | 2011.03.15 | -
Ikarus | T3.1.1.97.0 | 2011.03.15 | -
Jiangmin | 13.0.900 | 2011.03.15 | -
K7AntiVirus | 9.93.4109 | 2011.03.15 | -
Kaspersky | 7.0.0.125 | 2011.03.15 | -
McAfee | 5.400.0.1158 | 2011.03.15 | -
McAfee-GW-Edition | 2010.1C | 2011.03.15 | -
Microsoft | 1.6603 | 2011.03.15 | -
NOD32 | 5953 | 2011.03.14 | -
Norman | 6.07.03 | 2011.03.14 | -
nProtect | 2011-02-10.01 | 2011.02.15 | -
Panda | 10.0.3.5 | 2011.03.14 | -
PCTools | 7.0.3.5 | 2011.03.11 | -
Prevx | 3.0 | 2011.03.15 | -
Rising | 23.49.01.03 | 2011.03.15 | -
Sophos | 4.63.0 | 2011.03.15 | -
SUPERAntiSpyware | 4.40.0.1006 | 2011.03.15 | -
Symantec | 20101.3.0.103 | 2011.03.15 | -
TheHacker | 6.7.0.1.150 | 2011.03.15 | -
TrendMicro | 9.200.0.1012 | 2011.03.15 | -
TrendMicro-HouseCall | 9.200.0.1012 | 2011.03.15 | -
VBA32 | 3.12.14.3 | 2011.03.14 | -
VIPRE | 8708 | 2011.03.15 | -
ViRobot | 2011.3.15.4357 | 2011.03.15 | -
VirusBuster | 13.6.249.3 | 2011.03.14 | -
Additional information
MD5 : 53054225fd43e7c25352cdf9d2c2cf8e
SHA1 : 44c7f419a5fb00c8c99faa76a2c6d0140dfdd7a9
SHA256: 5f4ec36d8df07eca9743bfed05b0e7e7d2420dd38eb26c77b4db113777b35763
ssdeep: 1536:xkLkexFGd3zVjK51v97sPF/IIVwaTi4Xb9pUfYzgCAFcn1zkecMn+5ju0l7K:SF06ILDppUfYz5AF6kW
File size : 103018 bytes
First seen: 2011-03-15 08:28:50
Last seen : 2011-03-15 08:28:50
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
==========
The manufacturer of this netbook is MICRO-STAR INTERNATIONAL CO.,LTD.
The model of this notebook is U100 Plus.
======
Once again I ask: can I uninstall all the system tweak and reg cleaner programs with Revo Uninstaller? I'm just afraid I'll mess up the system again.
"Please hold off on uninstalling those programs, or making any other changes to your computer for the time being."
Sorry, but the program you mentioned in your last post refers to that: the system tweak and reg cleaner, or System Control Manager. It is okay for me to uninstall all the system tweak and reg cleaner programs with Revo Uninstaller.
ComboFix indicated that the system file userinit.exe was infected. I would like you to upload the quarantined file to VirusTotal and see if we can get some info regarding what infected your system.
Upload File for testing
Please go to Virustotal or jotti.org
Copy/paste this file and path into the white box at the top:
C:\Qoobox\Quarantine\C\Windows\System32\userinit.exe.vir
Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
===============
Please note:
The use of cracks and keygens, in addition to being illegal, is a likely cause of your computer becoming infected.
===============
Please tell me what the make and model of your computer is in your next reply.
Last edited by Carolyn; 15 Mar 2011 at 18:29.
userinit.exe.vir - Jotti's malware scan...
MICRO-STAR INTERNATIONAL CO., LTD
It's a netbook, an MSI U100 Plus.
And I read these websites.
It is okay for me to do it. There are 4 websites:
Repair and Recover Windows 7/Vista/XP After a Virus Attack | Web Talk
How to Combine Rescue Disks to Create the Ultimate Windows Repair Disk - How-To Geek
How to Use the BitDefender Rescue CD to Clean Your Infected PC - How-To Geek
Exterminate Malware Efficiently with Spybot Search & Destroy - How-To Geek
And after this I won't do the keygen and crack thing. Please help me solve this.
Interesting - userinit.exe.vir scans came back clean.
Your netbook will have a Recovery partition that can be used to restore it to the factory defaults. That will not format the hard drive - to do that you will need installation media from MSI and a USB optical drive, or another computer with which to create a bootable flash drive.
Contact MSI - they should be able to provide instructions for restoring the computer, or provide you with the media (for a small charge).
You'll need to back up your personal files and folders before doing the restore.
How to Back Up Your Data
Before you transfer your files to your clean computer, follow Jacee's instructions and do an online scan with ESET to make certain they are not infected.
To help minimize the chances of becoming re-infected, please read:
Computer Security - a short guide to staying safer online