0

gerbil... I posted aswMBR at the "Private" location as instructed, and have left the aswMBR completed successfully scan screen open on my desktop.
---rabbie

0
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-25 15:49:46
-----------------------------
15:49:46.187    OS Version: Windows 5.1.2600 Service Pack 3
15:49:46.187    Number of processors: 1 586 0x1F00
15:49:46.187    ComputerName: MTNNJ70  UserName: A Boze
15:49:47.906    Initialize success
15:49:48.171    AVAST engine defs: 12082501
15:50:02.687    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1f
15:50:02.687    Disk 0 Vendor: Maxtor_6Y160P0 YAR41BW0 Size: 152627MB BusType: 3
15:50:02.718    Disk 1  \Device\Harddisk1\DR2 -> \Device\Parallel0.5
15:50:02.718    Disk 1 Vendor: IOMEGA__ K.05 Size: 152627MB BusType: 1
15:50:02.718    Disk 0 MBR read successfully
15:50:02.718    Disk 0 MBR scan
15:50:02.734    Disk 0 Windows XP default MBR code
15:50:02.734    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       152625 MB offset 63
15:50:02.734    Disk 0 scanning sectors +312576705
15:50:02.812    Disk 0 scanning C:\WINDOWS\system32\drivers
15:50:09.734    Service scanning
15:50:21.750    Service WRkrn C:\WINDOWS\System32\drivers\WRkrn.sys **LOCKED** 32
15:50:23.046    Modules scanning
15:50:47.234    Disk 0 trace - called modules:
15:50:47.265    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
15:50:47.265    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a651ab8]
15:50:47.265    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000076[0x8a6549e8]
15:50:47.265    5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-1f[0x8a6c7d98]
15:50:47.671    AVAST engine scan C:\WINDOWS
15:50:53.828    AVAST engine scan C:\WINDOWS\system32
15:52:45.031    AVAST engine scan C:\WINDOWS\system32\drivers
15:52:52.968    AVAST engine scan C:\Documents and Settings\A Boze
15:58:19.734    AVAST engine scan C:\Documents and Settings\All Users
16:00:22.531    Scan finished successfully
16:17:30.765    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\A Boze\Desktop\ANN'S System Attack\asw mbr\MBR.dat"
16:17:30.765    The log file has been saved successfully to "C:\Documents and Settings\A Boze\Desktop\ANN'S System Attack\asw mbr\aswMBR.txt"
0

gerbil, I re-checked those startup and services that were unchecked and lost my system (not my Wife's) until now. It's difficult to explain the symptoms. But I saw a number of applications in Taskmgr I'd not seen before. I couldn't get on the net to reply to you. So I re-unchecked those items in both our systems and ran Norton Eraser, Malwarebytes and ZoneAlarm scans. Also some of my programs I need to be productive stopped working, but have slowly come back as I identified registry problems via Glary Utilities Reg Scan. I was deeply concerned that I'd lost everything (I didn't panic). Do you think I should delete C:\1081a87273cf5e78fa4. and delete these two: c:\program files\DefaultTab and c:\documents and settings\A Boze\Application Data\Def?
I'm curious, did the aswMBR show you anything? Let me know and I'll go back and complete the list of things to do.

0

Hello, Rabbe. Weekends.
Your AswMBR scan is normal, clean (the locked file is from your Webroot scanner). You can delete the log.
You can delete those 3 things I told you to.
I'll run through the Startup items in MSCONFIG for you:
\msconfig\startupreg\HPDJ Taskbar Utility] - c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe : HP deskjet taskbar utility.
\msconfig\startupreg\IntelliPoint] - c:\program files\Microsoft IntelliPoint\point32.exe : your mouse driver.
\msconfig\startupreg\MSMSGS] - c:\program files\Messenger\msmsgs.exe : Windows MSN Messenger service.
\msconfig\startupreg\ShowWnd] - c:\windows\ShowWnd.exe : your Microsoft? keyboard driver.
\msconfig\startupreg\Skype] - c:\program files\Skype\Phone\Skype.exe : you can uninstall Skype temporarily until you resolve your situation.
\msconfig\startupreg\SunKistEM] - c:\program files\Digital Media Reader\shwiconEM.exe : eMachine USB configuration optioner.
If you do not use Messenger, then you can do these things to stop it, instead of using MSCONFIG:
- in Messenger/Tools/Options uncheck "Run this program when Windows starts" on the Preferences tab.
- in Outlook Express, Tools/Options/General tab uncheck the option to automatically log on. Under the View/Layout tab uncheck the option to display Contacts.
- go Start> Control Panel > Add/Remove Programs > Add/Remove windows components and uncheck Messenger.
Frankly, none of those items should be causing you problems.
And Services (some names could be ambiguous, but I'll relate them to your softwares as best I can):
\msconfig\services]:
"Symantec Core LC"=2 (0x2) : Symantec
"MBackMonitor"=3 (0x3) : McAfee
"LiveUpdate Notice Service"=2 (0x2) : Symantec
"LiveUpdate"=3 (0x3) : Cannot tell.
"CryptSvc"=3 (0x3) : Microsoft file and network services authenticator. You NEED this.
"awhost32"=2 (0x2) : Symantec PCAnywhere
"Automatic LiveUpdate Scheduler"=2 (0x2) : Symantec
"Symantec AntiVirus"=2 (0x2) : Symantec
"SNDSrvc"=3 (0x3) : Symantec
"DefWatch"=2 (0x2) : Symantec
"ccSetMgr"=2 (0x2) : Symantec
"ccEvtMgr"=2 (0x2) : Symantec
"wlidsvc"=2 (0x2) : Windows live sign-in service (for Messenger etc)
"IISADMIN"=2 (0x2) : allows the creation of multiple site definitions within XP, not running is causing the errors shown in Event Viewer.
"PrismXL"=2 (0x2) : eMachine thing
"PortEmulator"=3 (0x3) : creates a virtual COM port
"ose"=3 (0x3) : Microsoft Office
"DefaultTabUpdate"=2 (0x2) - Pest!!
"DefaultTabSearch"=2 (0x2) - Pest!!
"BBSvc"=3 (0x3) : Bing Bar.
"idsvc"=3 (0x3) : Windows cardspace for managing identities
"AcrSch2Svc"=2 (0x2) : Acronis TrueImage

With all those services CHECKED you should have been able to clean all the Symantec entries with their removal tool.
With this one checked, DefaultTabUpdate, you should be able to remove it thus:
==Go Start, run, type services.msc -and press Enter. Maximise the window and at foot select Extended tab, scroll to the specific service, rclick it, select properties. Write down the exact Service Name. Press Stop if it is highlighted [you may have to set the service Startup type to Disable first]. Close Services, now type this line into the run text box and press Enter:
sc delete "exact Service Name" - don't be silly now, I think the required name will be DefaultTabUpdate.
All the remaining services should be fine to leave checked.
I repeat, those items in MSCONFIG MUST BE CHECKED for them to be removed. (If unchecked, MSCONFIG moves the entries from where they were originally to its own key, and uninstallers CANNOT find them there. Well, they just won't look there, so they don't get cleaned. Check them, and run the tools.)
Show me a screenprint of your TaskManager processes afterwards - use Paint to crop it. Else, get and run this tool:
HiJackThis:
- download the executable file from: http://www.bleepingcomputer.com/files/hijackthis.php
- unzip if necessary; copy hijackthis.exe to a new FOLDER placed either alongside your program files or on your desktop.
Start Hijackthis via the desktop icon or by dclicking hijackthis.exe.
- CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
- click the Scan and Save a Logfile button. Post the log here.

Looking further at the log from the Combofix run you made it appears that some .NET files/folders were quarantined unnecessarily. We should restore those. Go to C:\qoobox and post ComboFix-quarantined-files.txt content.

Edited by gerbil
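The reading of the aswMBR log given in the post above (default MBR code, one **LOCKED** driver that belongs to the Webroot scanner) can be checked mechanically. This Python sketch is an added example, not part of the original thread or of aswMBR; the `triage` function, the `KNOWN_LOCKED` table and the line patterns are assumptions derived only from the log lines quoted on this page.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Excerpt of the aswMBR log posted earlier in this thread, embedded so the
# example runs offline.
SAMPLE_LOG = r"""aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-25 15:49:46
-----------------------------
15:50:02.718    Disk 0 MBR read successfully
15:50:02.718    Disk 0 MBR scan
15:50:02.734    Disk 0 Windows XP default MBR code
15:50:09.734    Service scanning
15:50:21.750    Service WRkrn C:\WINDOWS\System32\drivers\WRkrn.sys **LOCKED** 32
15:50:47.265    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a651ab8]
16:00:22.531    Scan finished successfully
"""

# Patterns inferred from the lines above (assumption: other aswMBR versions
# may word these lines differently).
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*\S)\s*$")
MBR_READ = re.compile(r"^Disk (\d+) MBR read successfully$")
MBR_CODE = re.compile(r"^Disk (\d+) (.+) MBR code$")
LOCKED = re.compile(r"^Service (\S+) (.+?) \*\*LOCKED\*\*")

# Drivers the analyst can attribute to installed security software.
# The single entry comes from the helper's statement in this thread.
KNOWN_LOCKED = {"wrkrn.sys": "Webroot"}


def triage(log_text, known_locked=KNOWN_LOCKED):
    """Return MBR verdicts, locked services and a list of items to review."""
    report = {"mbr": {}, "locked": [], "finished": False, "review": []}
    disks_read = set()

    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # banner and separator lines carry no timestamp
        msg = line.group(2)

        read = MBR_READ.match(msg)
        code = MBR_CODE.match(msg)
        locked = LOCKED.match(msg)
        if read:
            disks_read.add(int(read.group(1)))
        elif code:
            report["mbr"][int(code.group(1))] = code.group(2)
        elif locked:
            service, path = locked.group(1), locked.group(2)
            owner = known_locked.get(basename(path).lower())
            report["locked"].append((service, path, owner))
            if owner is None:
                report["review"].append(
                    "locked driver with no known owner: " + path)
        elif msg == "Scan finished successfully":
            report["finished"] = True

    # Every disk whose MBR was read should carry a "default" verdict line.
    for disk in sorted(disks_read):
        verdict = report["mbr"].get(disk)
        if verdict is None or "default" not in verdict:
            report["review"].append(
                "disk %d: MBR not reported as default code (%s)" % (disk, verdict))

    if not report["finished"]:
        report["review"].append("scan did not finish")
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("MBR verdicts:", result["mbr"])
    print("Locked services:", result["locked"])
    print("Needs review:", result["review"] or "nothing")
```

An empty `review` list corresponds to the "normal, clean" verdict; a locked driver that is missing from `KNOWN_LOCKED` is listed for a manual look rather than treated as malicious.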

0

08-27-2012 performance of gerbil instructions
Posted the ComboFix in Private Message area
1. Created a restore point before changes
2. Exported a registry copy before changes
3. rechecked all MSCONFIG startups and services
4. Deletion Attempts
a. did not delete yet - c:\1081a87273cf5e78fa = holds the installation of WinXP Service Pack 3 (SP3)... gerbil... should I still delete this even though it's for WinXP SvcPk3?
b. (access denied CANNOT delete) - c:\program files\DefaultTab
c. deleted - c:\documents and settings\a boze\application data\DefaultTab

0

Ri-ight, don't delete that c:\1081a87273cf5e78fa folder .... seems a strange place for them.
We'll get rid of that DefaultTab folder soon, or you could delete it yourself from Safe Mode. Please do these things, I need to see what is running:
==Post the Prevx/Webroot scan log.
==Run OTL and post the two logs; I shall repeat the instructions:
-Download OTL from http://oldtimer.geekstogo.com/OTL.exe to your Desktop.
- Double click on the icon to start the application.
- Press Scan All Users, Minimal Output, Standard Registry ALL, check both LOP and Purity boxes, leave other sections as they are.
- Press Run Scan.
The scan will take maybe 5 minutes; 2 notepads will present [saved to the place from where you ran OTL.exe] - please post both.

0

gerbil attached please find screen prints of my running Taskmgr apps.

0

Re the TM process lists, Rabbe, all are valid process names which accord with the software you have installed. I must say that you have quite a lot of user softwares running... KAS n Prevx should not be necessary.
The Prevx and OTL logs would be handy.

0

gerbil,
At my last login I posted, or thought I'd posted, both the Prevx/Webroot and OTL logs. Now I'm here at the post area and do not see them as they were when I logged out of Daniweb. What is going on? I opened "Code" control-v each log independent of the other, with idea of creating 2 separate posts... or so I thought. I then Alt-I and then Alt+S to save the posted logs. I can see here and now that did not happen. So... what I will now do is zip them and try to upload them to either this post using "Files" area or the Private Messages area.
---Rabbie

0
gerbil... Here is the ComboFix-quarantined-files
179.    2012-07-05 00:00:12 . 2008-04-14 09:41:56           38,912 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SETB.tmp.vir
180.    2012-07-05 00:00:12 . 2008-04-14 09:42:24           93,184 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SETC.tmp.vir
181.    2012-07-05 00:00:12 . 2008-04-14 09:41:56           38,912 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SETD.tmp.vir
182.    2012-07-05 00:00:12 . 2008-04-14 09:42:24           93,184 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SETE.tmp.vir
183.    2012-07-05 00:00:12 . 2004-08-04 12:00:00          146,432 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SETA01.tmp.vir
184.    2012-07-05 00:00:12 . 2004-08-04 12:00:00          221,184 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET19.tmp.vir
185.    2012-07-05 00:00:12 . 2004-08-04 12:00:00          221,184 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET63.tmp.vir
186.    2012-07-05 00:00:12 . 2004-08-04 12:00:00          221,184 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET88.tmp.vir
187.    2012-07-05 00:00:12 . 2004-08-04 12:00:00          221,184 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET9EF.tmp.vir
188.    2012-07-05 00:00:12 . 2004-08-04 12:00:00          221,184 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SETAE.tmp.vir
189.    2012-07-05 00:00:12 . 2004-08-04 12:00:00          221,184 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SETD0.tmp.vir
190.    2012-07-04 04:32:33 . 2012-07-04 04:32:33              706 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-hp deskjet 930c series.reg.dat
191.    2012-07-04 04:32:24 . 2012-07-04 04:32:24              616 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Yahoo! Pager.reg.dat
192.    2012-07-04 04:32:24 . 2012-07-04 04:32:24              562 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-vptray.reg.dat
193.    2012-07-04 04:32:24 . 2012-07-04 04:32:24              616 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-ccApp.reg.dat
194.    2012-07-04 04:32:24 . 2012-07-04 04:32:24              716 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}.reg.dat
195.    2012-07-04 04:32:22 . 2012-07-04 04:32:22              306 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Notify-NavLogon.reg.dat
196.    2012-07-04 04:32:15 . 2012-07-04 04:32:15              150 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKU-Default-Run-ALUAlert.reg.dat
197.    2012-07-04 04:32:13 . 2012-07-04 04:32:13              189 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-updateMgr.reg.dat
198.    2012-07-04 04:32:12 . 2012-07-04 04:32:12              249 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}.reg.dat
199.    2012-07-04 04:21:52 . 2012-08-15 04:21:32           10,212 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
200.    2012-07-04 03:51:10 . 2012-08-15 04:14:29              153 ----a-w-  C:\Qoobox\Quarantine\catchme.log
201.    2012-07-03 03:19:34 . 2012-07-03 03:19:34       11,111,424 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4E6.tmp.vir
202.    2012-06-13 18:47:47 . 2012-06-13 18:47:37              663 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\c1fa887b03019701.fb.vir
203.    2012-06-13 18:47:47 . 2012-06-13 18:47:38              668 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\6d03dad1035885d3.fb.vir
204.    2012-06-13 18:47:47 . 2012-06-13 18:47:37            1,071 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\f998975c9cc711ee.fb.vir
205.    2012-06-13 18:47:47 . 2012-06-13 18:47:38              661 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\32c84fe32bb74d60.fb.vir
206.    2012-06-13 18:47:47 . 2012-06-13 18:47:38            1,072 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\31a0997e9a5b5eb3.fb.vir
207.    2012-06-13 18:47:47 . 2012-06-13 18:47:38           11,070 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\f547ab491e914407.fb.vir
208.    2012-03-18 14:34:22 . 2012-03-18 14:33:56            7,902 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\38eb74076793c35a.fb.vir
209.    2012-03-01 20:52:30 . 2012-04-27 16:51:26            2,143 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\searchplugins\search.xml.vir
210.    2012-01-19 08:38:13 . 2012-06-13 18:47:39              639 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\590ba23ce359fd0c.fb.vir
211.    2012-01-19 08:38:13 . 2012-06-13 18:47:38              630 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\272512937d9e61a4.fb.vir
212.    2012-01-19 08:38:13 . 2012-06-13 18:47:37              398 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\6c59ac5e7e7a3ad0.fb.vir
213.    2012-01-19 08:38:13 . 2012-06-13 18:47:38              669 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\a8556537add6dfc5.fb.vir
214.    2012-01-19 08:38:13 . 2012-06-13 18:47:37              627 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\651c5d3cdbfb8bd1.fb.vir
215.    2012-01-19 08:38:13 . 2012-06-13 18:47:39            1,045 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d201ef9910cd39de.fb.vir
216.    2012-01-19 08:38:13 . 2012-06-13 18:47:37              586 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\c4d28dca2e7648be.fb.vir
217.    2012-01-19 08:38:13 . 2012-03-18 14:33:56            1,062 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\e0de16f883bea794.fb.vir
218.    2012-01-19 08:38:13 . 2012-06-13 18:47:38              366 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\ad10a52aff5e038d.fb.vir
219.    2012-01-19 08:38:13 . 2012-06-13 18:47:37              622 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\287204568329e189.fb.vir
220.    2012-01-19 08:38:13 . 2012-06-13 18:47:37              365 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\610289e025a3ee9a.fb.vir
221.    2012-01-19 08:38:13 . 2012-06-13 18:47:37              627 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d79b9dfe81484ec4.fb.vir
222.    2012-01-19 08:38:13 . 2012-06-13 18:47:38              567 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d2e94710a5708128.fb.vir
223.    2012-01-19 08:38:13 . 2012-06-13 18:47:37            1,022 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\3917078cb68ec657.fb.vir
224.    2012-01-19 08:38:13 . 2012-06-13 18:47:38              633 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\2c53092c95605355.fb.vir
225.    2012-01-19 08:38:13 . 2012-06-13 18:47:37            1,291 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\28bc8f716fd76a47.fb.vir
226.    2012-01-19 08:38:12 . 2012-01-19 08:38:01            7,902 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\40b315e2261dd09b.fb.vir
227.    2010-04-20 21:03:07 . 2010-02-25 10:49:29          369,664 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3B.tmp.vir
228.    2010-04-20 21:03:06 . 2010-02-26 06:12:21           39,424 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET54.tmp.vir
229.    2010-04-20 21:03:06 . 2004-08-04 12:00:00           96,256 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET53.tmp.vir
230.    2010-04-20 21:03:06 . 2010-02-26 06:12:21          532,480 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET52.tmp.vir
231.    2010-04-20 21:03:06 . 2010-02-26 06:12:21          146,432 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET51.tmp.vir
232.    2010-04-20 21:03:06 . 2004-08-04 12:00:00          146,432 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET50.tmp.vir
233.    2010-04-20 21:03:06 . 2004-08-04 12:00:00           56,832 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4F.tmp.vir
234.    2010-04-20 21:03:06 . 2010-02-26 06:12:20          449,024 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4E.tmp.vir
235.    2010-04-20 21:03:06 . 2004-08-04 12:00:00        1,351,168 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4D.tmp.vir
236.    2010-04-20 21:03:06 . 2010-02-26 06:12:20        3,065,344 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4C.tmp.vir
237.    2010-04-20 21:03:06 . 2004-08-04 12:00:00           29,184 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4B.tmp.vir
238.    2010-04-20 21:03:06 . 2004-08-04 12:00:00           22,016 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4A.tmp.vir
239.    2010-04-20 21:03:06 . 2010-02-26 06:12:17           16,384 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET49.tmp.vir
240.    2010-04-20 21:03:06 . 2009-08-21 09:46:35          450,560 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET48.tmp.vir
241.    2010-04-20 21:03:06 . 2010-02-26 06:12:17           96,256 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET47.tmp.vir
242.    2010-04-20 21:03:06 . 2004-08-04 12:00:00          358,400 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET46.tmp.vir
243.    2010-04-20 21:03:06 . 2004-08-04 12:00:00           35,840 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET45.tmp.vir
244.    2010-04-20 21:03:06 . 2004-08-04 12:00:00           93,184 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET2F.tmp.vir
245.    2010-04-20 21:03:06 . 2004-08-04 12:00:00           62,976 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET43.tmp.vir
246.    2010-04-20 21:03:06 . 2004-08-04 12:00:00           48,640 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET42.tmp.vir
247.    2010-04-20 21:03:06 . 2010-02-26 06:12:17          251,392 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET41.tmp.vir
248.    2010-04-20 21:03:05 . 2004-08-04 12:00:00          323,584 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET40.tmp.vir
249.    2010-04-20 21:03:05 . 2004-08-04 12:00:00          221,184 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3F.tmp.vir
250.    2010-04-20 21:03:05 . 2004-08-04 12:00:00          216,576 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3E.tmp.vir
251.    2010-04-20 21:03:05 . 2004-08-04 12:00:00          139,264 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3D.tmp.vir
252.    2010-04-20 21:03:05 . 2004-08-04 12:00:00           34,304 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3C.tmp.vir
253.    2010-04-20 21:03:05 . 2004-08-04 12:00:00           38,912 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET2E.tmp.vir
254.    2010-04-20 21:03:05 . 2010-02-26 06:12:17          205,312 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3A.tmp.vir
255.    2010-04-20 21:03:05 . 2010-02-26 06:12:16          357,888 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET39.tmp.vir
256.    2010-04-20 21:03:05 . 2004-08-04 12:00:00           35,328 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET38.tmp.vir
257.    2010-04-20 21:03:05 . 2004-08-04 12:00:00           99,840 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET37.tmp.vir
258.    2010-04-20 21:03:05 . 2004-08-04 12:00:00           61,440 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET36.tmp.vir
259.    2009-07-30 00:54:02 . 2004-08-04 12:00:00          276,480 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET59.tmp.vir
260.    2009-07-30 00:54:01 . 2004-08-04 12:00:00           37,888 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET56.tmp.vir
261.    2009-07-30 00:54:01 . 2010-02-26 06:12:22           61,952 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET55.tmp.vir
262.    2009-07-30 00:53:53 . 2010-02-26 06:12:23          662,016 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET5A.tmp.vir
263.    2009-07-30 00:53:53 . 2010-03-10 08:02:04          417,792 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET58.tmp.vir
264.    2009-07-30 00:53:53 . 2010-02-26 06:12:23          624,640 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET57.tmp.vir
265.    2007-05-09 00:47:04 . 2007-01-04 13:36:48        3,056,640 -c--a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7A.tmp.vir
266.    2007-05-09 00:47:04 . 2007-01-04 13:37:03        1,494,528 -c--a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7F.tmp.vir
267.    2006-09-19 13:19:36 . 2006-09-19 13:19:36        1,246,720 -c--a-w-  C:\Qoobox\Quarantine\C\WINDOWS\MailSwitch.ocx.vir
268.    2005-04-17 08:42:31 . 2005-04-17 08:42:31                0 -c--a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir
269.    2005-04-17 08:42:31 . 2003-02-21 08:42:22          348,160 -c--a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir
270.    2005-04-17 08:42:30 . 2003-02-20 23:08:32        2,482,176 -c--a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir
271.    2005-04-17 08:42:30 . 2003-02-20 23:09:18           77,824 -c--a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir
272.    2005-04-17 08:42:30 . 2003-02-20 23:06:24          155,648 -c--a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir
273.    2005-04-17 08:42:30 . 2003-02-20 23:06:20          282,624 -c--a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir
274.    2004-08-04 12:00:00 . 2012-06-13 13:19:59        1,866,112 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\_000005_.tmp.dll.vir
275.    2004-08-04 12:00:00 . 2009-05-07 15:32:35          345,600 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\_000006_.tmp.dll.vir
0

gerbil,
I formatted the ComboFix quarantine file using Word numbering and line-spacing removals, then control-v into "Code". It seemed to have worked much better; just thought I'd pass that on for future reference.

0

Since KAS and Prevx (Webroot) were not necessary...
[uninstalled] KAS (Kss.exe) and
Prevx (Webroot) [exited process but did not uninstall]

0

gerbil,
Be on the lookout for a zip file with a name similar to SecureeAnywhere 1208DD or a variation thereof. It will contain several Prevx/Webroot and OTL logs, all dated for your convenience in the format YYMMDD. Hope I've not inundated you. The Daniweb post process is currently having challenges, as you know, and I thought the multi-logs might assist.
Thank You,
---rabbie

0

gerbil
1. Did you receive the zip file with Prevx and OTL logs in it?
2. HiJackThis follows

1.  Logfile of Trend Micro HijackThis v2.0.4
2.  Scan saved at 1:45:19 PM, on 8/28/2012
3.  Platform: Windows XP SP3 (WinNT 5.01.2600)
4.  MSIE: Unable to get Internet Explorer version!
5.  Boot mode: Normal
6.  .
7.  Running processes:
8.  C:\WINDOWS\System32\smss.exe
9.  C:\WINDOWS\system32\winlogon.exe
10. C:\WINDOWS\system32\services.exe
11. C:\WINDOWS\system32\lsass.exe
12. C:\WINDOWS\system32\Ati2evxx.exe
13. C:\WINDOWS\system32\svchost.exe
14. C:\WINDOWS\System32\svchost.exe
15. C:\WINDOWS\system32\Ati2evxx.exe
16. C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17. C:\WINDOWS\system32\spoolsv.exe
18. C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
19. C:\Program Files\Java\jre6\bin\jqs.exe
20. C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21. C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
22. C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
23. C:\Program Files\Macrium\Reflect\ReflectService.exe
24. C:\Program Files\Microsoft\BingBar\SeaPort.EXE
25. C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
26. C:\WINDOWS\system32\tcpsvcs.exe
27. C:\WINDOWS\system32\svchost.exe
28. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
29. C:\WINDOWS\system32\mqsvc.exe
30. C:\WINDOWS\system32\mqtgsvc.exe
31. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
32. C:\Program Files\Google\Update\GoogleUpdate.exe
33. C:\WINDOWS\Explorer.EXE
34. C:\WINDOWS\SOUNDMAN.EXE
35. C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
36. C:\Program Files\Common Files\Java\Java Update\jusched.exe
37. C:\WINDOWS\zHotkey.exe
38. C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
39. C:\Program Files\AVAST Software\Avast\avastUI.exe
40. C:\Program Files\Microsoft IntelliType Pro\type32.exe
41. C:\Program Files\Digital Media Reader\shwiconem.exe
42. C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
43. C:\WINDOWS\system32\ctfmon.exe
44. C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
45. C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
46. C:\Program Files\Microsoft IntelliPoint\IPoint.exe
47. c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
48. C:\HJT\HijackThis.exe
49. .
50. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
51. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
52. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
53. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
54. O2 - BHO: (no name) - AutorunsDisabled - (no file)
55. O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
56. O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
57. O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
58. O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
59. O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
60. O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
61. O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
62. O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
63. O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
64. O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
65. O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
66. O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
67. O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
68. O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
69. O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
70. O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
71. O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
72. O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
73. O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
74. O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
75. O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
76. O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
77. O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
78. O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
79. O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
80. O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
81. O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
82. O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
83. O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
84. O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
85. O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
86. O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
87. O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex
88. O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
89. O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
90. O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
91. O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
92. O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
93. O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
94. O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
95. O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
96. O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
97. O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
98. O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
99. O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
100.    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
101.    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
102.    O15 - Trusted Zone: http://asia.msi.com.tw
103.    O15 - Trusted Zone: http://global.msi.com.tw
104.    O15 - Trusted Zone: http://www.msi.com.tw
105.    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab
106.    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
107.    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341409221296
108.    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340846989109
109.    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
110.    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
111.    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
112.    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
113.    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
114.    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
115.    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
116.    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
117.    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
118.    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
119.    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
120.    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
121.    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
122.    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
123.    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
124.    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
125.    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
126.    O23 - Service: Port Emulator (Star) (PortEmulator) - Star Micronics Co., Ltd. - C:\Program Files\StarMicronics\TSP100\Software\20070601\portemu.exe
127.    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
128.    O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
129.    O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
130.    O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe
131.    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
132.    .--
133.    End of file - 11381 bytes
0

gerbil (FYI),
Just to test the MS Word line-spacing and space removal technique i/c/w the "Code" snippet (Alt-I) and then Alt+S Reply to this Discussion process... I'm happy to say it worked again with no drama. :-)
Are you receiving the log posts and/or zip files? They may have looked like they worked, but if you do not get them, it's obvious we'll have to try another method.
---rabbie

Edited by Rabbiedab: added statement

0

Rabbe, I do not see anywhere your Prevx or OTL logs.
Posted for Rabbe is his first Combofix run log:
ComboFix 12-07-02.01 - A Boze 07/04/2012 0:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1566 [GMT -4:00]
Running from: c:\documents and settings\A Boze\Desktop\MALICIOUS URL BLOCKED PROBLEM\5 ComboFix\ComboFix.exe
AV: avast! Antivirus Disabled/Updated (7591DB91-41F0-48A3-B128-1A293FD8233D)
AV: AVG Internet Security 2012 Enabled/Updated (17DDD097-36FF-435F-9E1B-52D74245D6BF)
FW: AVG Internet Security 2012 Enabled (17DDD097-36FF-435F-9E1B-52D74245D6BF)
FW: Norton Internet Worm Protection Disabled (990F9400-4CEE-43EA-A83A-D013ADD8EA6E)
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\A Boze\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\CouponAlert_2pEI
c:\program files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll
c:\program files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\38eb74076793c35a.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\40b315e2261dd09b.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f547ab491e914407.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\SET36.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3E.tmp
c:\windows\system32\SET7A.tmp
c:\windows\system32\SET7F.tmp
c:\windows\system32\SET80.tmp
c:\windows\system32\SET81.tmp
c:\windows\system32\SET82.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 03:38 . 2012-07-04 03:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-03 23:43 . 2004-08-04 12:00 14848 -c--a-w- c:\windows\system32\dllcache\register.exe
2012-07-03 23:42 . 2004-08-04 12:00 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe
2012-07-03 23:41 . 2004-08-04 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2012-07-03 23:38 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-07-03 23:38 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-07-03 23:15 . 2004-08-04 02:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2012-07-03 23:15 . 2001-08-17 17:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2012-07-03 23:10 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-07-03 23:10 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-07-03 23:10 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-07-03 23:10 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-07-03 23:10 . 2004-08-04 12:00 13753 ----a-r- c:\windows\SET127.tmp
2012-07-03 23:10 . 2004-08-04 12:00 1086058 ----a-r- c:\windows\SET11B.tmp
2012-07-03 23:09 . 2004-08-04 12:00 1042903 ----a-r- c:\windows\SET118.tmp
2012-06-29 15:19 . 2012-06-29 16:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-20 13:12 . 2012-06-20 13:12 -------- d-----w- c:\program files\GUM54.tmp
2012-06-20 13:12 . 2012-06-20 13:12 3993600 ----a-w- c:\program files\GUT55.tmp
2012-06-20 13:11 . 2012-06-20 13:12 -------- d-----w- c:\documents and settings\A Boze\Local Settings\Application Data\Deployment
2012-06-19 18:22 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-19 18:22 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-19 18:22 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-06-19 18:22 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-19 18:22 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-19 18:22 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-06-19 18:22 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-06-19 18:22 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-06-19 18:21 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-19 18:21 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-19 18:21 . 2012-06-19 18:21 -------- d-----w- c:\program files\AVAST Software
2012-06-19 18:21 . 2012-06-19 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-06-14 12:48 . 2012-06-14 12:48 -------- d-----w- C:\d75935d9882286b372047922b34ff6c8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 16:19 . 2011-06-26 14:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-04 21:35 . 2010-03-25 00:21 222448 ----a-w- c:\windows\system32\muweb.dll
2000-02-24 21:07 . 2010-07-02 17:26 570128 -c--a-w- c:\program files\Common Files\DAO350.DLL
1996-08-06 03:00 . 2010-07-02 17:26 456464 -c--a-w- c:\program files\Common Files\DAO3032.DLL
2011-12-21 07:24 . 2011-12-28 15:59 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="(472083B0-C522-11CF-8763-00608CC02F24)"
[HKEY_CLASSES_ROOT\CLSID(472083B0-C522-11CF-8763-00608CC02F24)]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-25 1325848]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-25 136472]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-22 395392]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-22 2637824]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
.
c:\documents and settings\A Boze\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^A Boze^Start Menu^Programs^Startup^Billminder.lnk]
backup=c:\windows\pss\Billminder.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^A Boze^Start Menu^Programs^Startup^Membership Plus QuickView.lnk]
backup=c:\windows\pss\Membership Plus QuickView.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^A Boze^Start Menu^Programs^Startup^TrueAssistant.lnk]
backup=c:\windows\pss\TrueAssistant.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AudioDeck.lnk]
backup=c:\windows\pss\AudioDeck.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-14 00:36 196608 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 20:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"MBackMonitor"=3 (0x3)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"CryptSvc"=2 (0x2)
"awhost32"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Symantec AntiVirus"=2 (0x2)
"SNDSrvc"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"wlidsvc"=2 (0x2)
"PortEmulator"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\WINDOWS\system32\sessmgr.exe"=
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\Program Files\Skype\Plugin Manager\skypePM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP::Disabled:@xpsp2res.dll,-22009
.
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [12/30/2011 10:53 PM 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [12/30/2011 10:53 PM 83392]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/19/2012 2:22 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/19/2012 2:22 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/19/2012 2:22 PM 20696]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 8:56 PM 431384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 1:26 AM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/29/2012 11:19 AM 250056]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 1:26 AM 135664]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [4/17/2005 3:46 AM 3351]
S4 PortEmulator;Port Emulator (Star);c:\program files\StarMicronics\TSP100\Software\20070601\portemu.exe [5/27/2007 1:13 PM 98304]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 16:19]
.
2012-07-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-05-22 21:09]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 05:26]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 05:26]
.
2012-07-04 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\A Boze\Application Data\Mozilla\Firefox\Profiles\lokq3874.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc3bf78df-5c88-4be5-b117-35ebdb2a1d33%7D&mid=b0a9512e677447d1ba72d1453002496f-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=9.0.0.23&lang=en&pr=fr&d=2011-12-28%2021%3A21%3A16&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-(E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39) - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
Notify-NavLogon - (no file)
MSConfigStartUp-BgMonitor_(79662E04-7C6C-4d9f-84C7-88D8A56B10AA) - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-vptray - c:\progra~1\SYMANT~1\VPTray.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
AddRemove-hp deskjet 930c series - c:\program files\hp deskjet 930c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=\CO\HPDJPrinter3 -vproduct=930c -huninstall
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-04 00:31
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-07-04 00:33:00
ComboFix-quarantined-files.txt 2012-07-04 04:32
.
Pre-Run: 129,060,220,928 bytes free
Post-Run: 130,168,897,536 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F00932AF19B0627ADF253B2718D425C8

Edited by gerbil

0

Rabbe, you are keeping me off-balance. You ran TDSSKiller and the Kaspersky scanner but without posting any result. I cannot do this if I must guess at causative agents. And to see the log from your second Combofix run would be helpful.

0

gerbil,
the tone of the last response received from you had a hint of frustration attached. I apologize for any inconvenience that I caused you by doing what was alleged I did. What you could not have known is that I could not get my browser to work, nor could I get online to respond to your messages. I was fundamentally at wit's end... so whatever I'm accused of doing that disrupted the resolution of my Wife's and my computer virus problems I take full responsibility. It should be stated that I could not have gotten some semblance of computer/internet/www usage without my struggle to get rid of what was negating me from the access we both so desperately need to do our research. It was not my intent to create a problem from the problem at-hand. If I'd had your email address I would have kept you in the loop symptom-wise. No one is more frustrated than my Wife and I... and still we're not out of the woods so to speak. 1. emails only come in with attachments and no information in the email body... 2. browser hangs intermittently and requires sending a report to Microsoft and ultimately a reboot... So again, kindly forgive me but I did what I did so that I could once again communicate on DaniWeb. We're not getting much else done on the WWW. Let's call it a day, as I do not desire to cause you any more frustration, as you work with others getting them productive. God Bless and thank you for all you've done.
Respectfully,
---Rabbie
