Author Topic: I think my system is infected  (Read 5495 times)

roco

    Topic Starter


    Rookie

    I think my system is infected
    « on: July 18, 2012, 08:31:15 PM »
    Hi there,

    I think my system is still infected, so I ran SUPERAntiSpyware, Malwarebytes, TDSSKiller, and ComboFix. I did find some infections and deleted them, but I am not sure if I have cleaned my system correctly. Also, after running ComboFix, some of my files that I need are missing. For instance, I do not have any sound, and I did not have a start menu or the bar where the clock is, but I recovered this with my free registry repair. I cannot copy and paste, and my Firefox desktop icon is missing, but I can still access it using my desktop html. One last thing I am noticing is that when I try to minimize my Firefox, I should be able to see it in my start menu tab where the clock is, but it does not show anymore.

    I will not do anything and will wait for your instructions.

    Thanks!!

    Here are the combofix files, but another issue I just found is that I can only copy and paste from my notepad.
    « Last Edit: July 19, 2012, 05:26:53 AM by Allan »

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1062
      • Forum Administrator
    • Experience: Guru
    • OS: Windows 7
    Re: I think my system is infected
    « Reply #1 on: July 19, 2012, 05:27:22 AM »
    I deleted the cf log. Please follow the instructions in the following link and post the requested logs:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    roco

      Topic Starter


      Rookie

      Re: I think my system is infected
      « Reply #2 on: July 19, 2012, 07:51:06 AM »
      Hi, thanks for responding, and I will follow the link provided. But since I am missing files from that ComboFix scan, should I just do a system restore, and then proceed? Or should I just proceed, and we will worry about those files later?

      roco

        Topic Starter


        Rookie

        Re: I think my system is infected
        « Reply #3 on: July 19, 2012, 11:35:39 AM »
        Ok I just went ahead and followed those instructions in the other link and here is the result.

        I have Avast, but after I ran ComboFix I could not run Avast at all. I followed your instructions and reinstalled Avast and I get the same result. I am thinking ComboFix has deleted whatever Avast needs to run.
        =========================================================

        My Windows Firewall has been disabled since the ComboFix scan. It will not let me enable it now. It says, "Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service?"
        I click "yes" and it says, "Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service."
        =========================================================

        SUPERAntiSpyware

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 07/19/2012 at 11:42 AM

        Application Version : 5.1.1002

        Core Rules Database Version : 8926
        Trace Rules Database Version: 6738

        Scan type       : Complete Scan
        Total Scan Time : 01:50:31

        Operating System Information
        Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
        Administrator

        Memory items scanned      : 311
        Memory threats detected   : 0
        Registry items scanned    : 36012
        Registry threats detected : 0
        File items scanned        : 87651
        File threats detected     : 272

        Adware.Tracking Cookie
           .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .zedo.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .zedo.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .zedo.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .zedo.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .t.pointroll.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .realmedia.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           www.porncastle.net [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           www.porncastle.net [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           www.porncastle.net [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           www.porncastle.net [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           www.porncastle.net [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           www.porncastle.net [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .*adult URL* [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .*adult URL* [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .porncastle.net [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .porncastle.net [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .porncastle.net [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .adxpansion.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .*adult URL* [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .porncastlecams.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           www.porncastle.net [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .accounts.google.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .accounts.google.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .accounts.google.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           accounts.google.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .collective-media.net [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .collective-media.net [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .adbrite.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .adbrite.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .porncastlecams.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .porncastlecams.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .porncastlecams.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           www.porncastlecams.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           www.porncastlecams.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           www.porncastlecams.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           www.porncastlecams.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           www.porncastlecams.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           www.porncastlecams.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .porncastlecams.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .sexad.net [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
           .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\NEWUSER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JTPBKL07.DEFAULT\COOKIES.SQLITE ]
        ================================================

        Again, I had Malwarebytes, but since my ComboFix scan I cannot open it anymore. It reads "Run-time error '372' Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application."
        As I tried to uninstall Malwarebytes I got the same error over and over. I just keep pushing OK and it says that it was a successful uninstall. I go to install again and it says the folder is still there, and I get the same error when I try to run it again.

        ================================================

        Java is up to date.

        ================================================

        D.D.S

        .
        DDS (Ver_2011-08-26.01) - NTFSx86
        Internet Explorer: 7.0.5730.13  BrowserJavaVersion: 10.5.1
        Run by NewUser at 12:24:13 on 2012-07-19
        .
        ============== Running Processes ===============
        .
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\AVAST Software\Avast\avastUI.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\Mozilla Firefox\plugin-container.exe
        C:\Documents and Settings\NewUser\Desktop\Extreme Folder\dds.scr
        C:\WINDOWS\system32\svchost.exe -k DcomLaunch
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
        C:\WINDOWS\System32\svchost.exe -k NetworkService
        C:\WINDOWS\system32\svchost.exe -k LocalService
        C:\WINDOWS\System32\svchost.exe -k LocalService
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://start.icq.com/
        uInternet Settings,ProxyOverride = *.local
        uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
        BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
        BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
        BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
        TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
        EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
        uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
        mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
        mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
        dRunOnce: [SetDefaultMidi] MIDIDEF.EXE
        dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
        IE: Download with &Media Finder - c:\program files\media finder\hook.html
        IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
        IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe
        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
        IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
        DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154394226250
        DPF: {82836898-30F4-4813-9A2F-120C012E44E7} - hxxp://www.dsvanywhere.com/appeon/weblibrary_ax/ceondownloadcenter.cab
        DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
        DPF: {C1417ACD-9FFB-4B26-8060-ED6B55F04CCE} - (local)
        Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
        Notify: AtiExtEvent - Ati2evxx.dll
        SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - c:\documents and settings\newuser\application data\mozilla\firefox\profiles\jtpbkl07.default\
        FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
        FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=2&q=
        FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
        FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
        FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
        FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
        FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
        FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
        FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
        FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
        FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
        FF - plugin: c:\windows\system32\npDeployJava1.dll
        FF - plugin: c:\windows\system32\npptools.dll
        .
        ============= SERVICES / DRIVERS ===============
        .
        R? !SASCORE;SAS Core Service
        R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
        R? avast! Antivirus;avast! Antivirus
        R? EraserUtilRebootDrv;EraserUtilRebootDrv
        R? hasplms;HASP License Manager
        R? ICQ Service;ICQ Service
        R? McComponentHostService;McAfee Security Scan Component Host Service
        R? MozillaMaintenance;Mozilla Maintenance Service
        R? SwitchBoard;SwitchBoard
        S? aswFsBlk;aswFsBlk
        S? aswSnx;aswSnx
        S? aswSP;aswSP
        S? MBAMSwissArmy;MBAMSwissArmy
        S? SASDIFSV;SASDIFSV
        S? SASKUTIL;SASKUTIL
        .
        =============== Created Last 30 ================
        .
        2012-07-19 19:17:38   40776   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2012-07-19 19:17:28   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2012-07-19 16:15:40   721000   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
        2012-07-19 16:14:46   41224   ----a-w-   c:\windows\avastSS.scr
        2012-07-18 00:22:51   --------   d-s---w-   C:\commy.exe
        2012-07-17 22:59:19   --------   d-sha-r-   C:\cmdcons
        2012-07-17 22:56:31   98816   ----a-w-   c:\windows\sed.exe
        2012-07-17 22:56:31   518144   ----a-w-   c:\windows\SWREG.exe
        2012-07-17 22:56:31   256000   ----a-w-   c:\windows\PEV.exe
        2012-07-17 22:56:31   208896   ----a-w-   c:\windows\MBR.exe
        2012-07-15 22:38:04   --------   d-----w-   c:\documents and settings\newuser\application data\Media Finder
        2012-07-01 03:45:42   --------   d-----w-   c:\documents and settings\newuser\local settings\application data\Sun
        2012-07-01 03:44:20   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        2012-07-01 03:44:20   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
        2012-07-01 03:07:33   --------   d-----w-   c:\program files\Oracle
        2012-07-01 03:07:08   143872   ----a-w-   c:\windows\system32\javacpl.cpl
        2012-07-01 03:07:07   772504   ----a-w-   c:\windows\system32\npDeployJava1.dll
        .
        ==================== Find3M  ====================
        .
        2012-06-02 22:19:44   22040   ----a-w-   c:\windows\system32\wucltui.dll.mui
        2012-06-02 22:19:38   219160   ----a-w-   c:\windows\system32\wuaucpl.cpl
        2012-06-02 22:19:38   15384   ----a-w-   c:\windows\system32\wuaucpl.cpl.mui
        2012-06-02 22:19:34   15384   ----a-w-   c:\windows\system32\wuapi.dll.mui
        2012-06-02 22:19:30   17944   ----a-w-   c:\windows\system32\wuaueng.dll.mui
        2012-06-02 22:18:58   275696   ----a-w-   c:\windows\system32\mucltui.dll
        2012-06-02 22:18:58   214256   ----a-w-   c:\windows\system32\muweb.dll
        2012-06-02 22:18:58   17136   ----a-w-   c:\windows\system32\mucltui.dll.mui
        2012-05-05 02:29:16   687504   ----a-w-   c:\windows\system32\deployJava1.dll
        .
        ============= FINISH: 12:25:04.81 ===============



        SuperDave

        • Malware Removal Specialist


        • Sage
        • Thanked: 848
        • Certifications: List
        • Experience: Expert
        • OS: Windows 8
        Re: I think my system is infected
        « Reply #4 on: July 19, 2012, 05:05:43 PM »
        Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

        1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
        2. The fixes are specific to your problem and should only be used for this issue on this machine.
        3. If you don't know or understand something, please don't hesitate to ask.
        4. Please DO NOT run any other tools or scans while I am helping you.
        5. It is important that you reply to this thread. Do not start a new topic.
        6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
        7. Absence of symptoms does not mean that everything is clear.

        If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.
        *************************************************************************
        Quote
        I followed your instructions and reinstalled Avast and I get the same result. I am thinking Combofix has deleted whatever Avast needs to run.
        If you re-installed Avast, everything should be there.

        Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
        Save Rkill to your desktop.

        There are 7 different versions. If one of them won't run then download and try to run the other one.
         
        Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
         

        You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

        * Rkill.exe
        * Rkill.com
        * Rkill.scr
        * WiNlOgOn.exe
        * uSeRiNiT.exe
        * iExplore.exe
        * eXplorer.exe
        Once you've gotten one of them to run then try to immediately run the following.
        *****************************************************
        I see you are running Poker Stars. Poker Stars has a history of distributing spyware in their products. However, security experts still question whether this program is good or bad. I recommend removing it to prevent spyware, but it is up to you to decide if you want to keep it.

        If you would like to uninstall it, do so as follows:

        Press Start, and navigate to the Control Panel. When in the control panel enter Add or Remove programs. Search for and locate PokerStars, and either click Change/Remove or Remove.
        **********************************************************
        Please try running MBAM in Safe Mode to see if it will work.
        You should not run ComboFix without the supervision of an expert. Now, you say you ran it; did you get a log from ComboFix? You can look in C: Combofix to find a log.

        roco

          Topic Starter


          Rookie

          Re: I think my system is infected
          « Reply #5 on: July 19, 2012, 05:56:20 PM »
          Hi and thanks for helping me out with this Super Dave.

          I ran Rkill and nothing was found.
          ============================

          I tried to run MBAM and I get the same "runtime error 372" error.

          ==============================

          Ok here are the combofix files, along with the quarantine files.


          ComboFix 12-07-16.01 - NewUser 07/17/2012  16:01:57.3.2 - x86
          Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1535.1020 [GMT -7:00]
          Running from: c:\documents and settings\NewUser\My Documents\Downloads\commy.exe.exe
          AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
          .
          .
          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          C:\commy.exe
          c:\commy.exe\023.dat
          c:\commy.exe\023v.dat
          c:\commy.exe\023w7.dat
          c:\commy.exe\AppDataFile.cfx
          c:\commy.exe\AppDataFolder.cfx
          c:\commy.exe\appinit.bad
          c:\commy.exe\asp.str
          c:\commy.exe\Assoc.cmd
          c:\commy.exe\ATTRIB.cfxxe
          c:\commy.exe\Auto-RC.cmd
          c:\commy.exe\av.cmd
          c:\commy.exe\av.vbs
          c:\commy.exe\AWF.cmd
          c:\commy.exe\badclsid.c
          c:\commy.exe\Boot-Rk.cmd
          c:\commy.exe\Boot.bat
          c:\commy.exe\BootDrv.vbs
          c:\commy.exe\c.bat
          c:\commy.exe\c.mrk
          c:\commy.exe\Catch-sub.cmd
          c:\commy.exe\catchme.cfxxe
          c:\commy.exe\CCS.bat
          c:\commy.exe\CF-Script.cmd
          c:\commy.exe\CF27121.cfxxe
          c:\commy.exe\CFVersionOld
          c:\commy.exe\CHCP.bat
          c:\commy.exe\clsid.c
          c:\commy.exe\Combobatch.bat
          c:\commy.exe\ComboFix-Download.cfxxe
          c:\commy.exe\Create.cmd
          c:\commy.exe\Creg.dat
          c:\commy.exe\CregC.cmd
          c:\commy.exe\CregC.dat
          c:\commy.exe\CSCRIPT.cfxxe
          c:\commy.exe\CSet.cmd
          c:\commy.exe\dd.cfxxe
          c:\commy.exe\ddsDo.sed
          c:\commy.exe\DelClsid.bat
          c:\commy.exe\DelClsid64.bat
          c:\commy.exe\desktop.ini
          c:\commy.exe\DesktopFile.cfx
          c:\commy.exe\DPF.str
          c:\commy.exe\DrvRun.vbs
          c:\commy.exe\dumphive.cfxxe
          c:\commy.exe\embedded.sed
          c:\commy.exe\ERDNT.e_e
          c:\commy.exe\ERDNTDOS.LOC
          c:\commy.exe\ERDNTWIN.LOC
          c:\commy.exe\ERUNT.cfxxe
          c:\commy.exe\erunt.dat
          c:\commy.exe\ERUNT.LOC
          c:\commy.exe\Exe.reg
          c:\commy.exe\extract.cfxxe
          c:\commy.exe\FavoriteFolder.cfx
          c:\commy.exe\FavoritesFile.cfx
          c:\commy.exe\FD-SV.cmd
          c:\commy.exe\ffdefstr.dll
          c:\commy.exe\FileKill.cfxxe
          c:\commy.exe\files.pif
          c:\commy.exe\Fin.dat
          c:\commy.exe\FIND3M.bat
          c:\commy.exe\FIXLSP.bat
          c:\commy.exe\FKMGen.cmd
          c:\commy.exe\ForeignWht
          c:\commy.exe\GetHive.cmd
          c:\commy.exe\grep.cfxxe
          c:\commy.exe\gsar.cfxxe
          c:\commy.exe\handle.cfxxe
          c:\commy.exe\hidec.exe
          c:\commy.exe\history.bat
          c:\commy.exe\hwid.pif
          c:\commy.exe\iexplore.exe
          c:\commy.exe\image001.gif
          c:\commy.exe\Imefile.dat
          c:\commy.exe\Install-RC.cmd
          c:\commy.exe\katch.cmd
          c:\commy.exe\Kill-All.cmd
          c:\commy.exe\kmd.dat
          c:\commy.exe\Lang.bat
          c:\commy.exe\List-B.bat
          c:\commy.exe\List-C.bat
          c:\commy.exe\List-D.bat
          c:\commy.exe\List.bat
          c:\commy.exe\lnkread.vbs
          c:\commy.exe\LocalAppDataFile.cfx
          c:\commy.exe\LocalAppDataFolder.cfx
          c:\commy.exe\LocalService.dat
          c:\commy.exe\LocalServiceNetworkRestricted.dat
          c:\commy.exe\LocalSettingsFile.cfx
          c:\commy.exe\LocalSystemNetworkRestricted.dat
          c:\commy.exe\mbr.cfxxe
          c:\commy.exe\mbr.chk
          c:\commy.exe\md5sum.pif
          c:\commy.exe\Mirrors
          c:\commy.exe\MoveIt.bat
          c:\commy.exe\mtee.cfxxe
          c:\commy.exe\MtPt00
          c:\commy.exe\mynul.dat
          c:\commy.exe\n.pif
          c:\commy.exe\N_\10804
          c:\commy.exe\N_\15753
          c:\commy.exe\N_\16375
          c:\commy.exe\N_\17540
          c:\commy.exe\N_\17845
          c:\commy.exe\N_\18166
          c:\commy.exe\N_\19427
          c:\commy.exe\N_\21633
          c:\commy.exe\N_\25232
          c:\commy.exe\N_\25314
          c:\commy.exe\N_\25494
          c:\commy.exe\N_\2833
          c:\commy.exe\N_\30135
          c:\commy.exe\N_\31687
          c:\commy.exe\N_\3245
          c:\commy.exe\N_\4167
          c:\commy.exe\N_\7523
          c:\commy.exe\N_\8204
          c:\commy.exe\N_\pingtest
          c:\commy.exe\ncmd.com
          c:\commy.exe\ND_.bat
          c:\commy.exe\ndis_combofix.dat
          c:\commy.exe\netsvc.bad.dat
          c:\commy.exe\netsvc.dat
          c:\commy.exe\netsvc.vista.dat
          c:\commy.exe\netsvc.xp.dat
          c:\commy.exe\NetworkService.dat
          c:\commy.exe\NirCmd.cfxxe
          c:\commy.exe\NircmdB.exe
          c:\commy.exe\NirCmdC.cfxxe
          c:\commy.exe\NlsLanguageDefault
          c:\commy.exe\NT-OS.cmd
          c:\commy.exe\NULL
          c:\commy.exe\OSid.vbs
          c:\commy.exe\OsVer
          c:\commy.exe\pausep.cfxxe
          c:\commy.exe\PersonalFile.cfx
          c:\commy.exe\PersonalFolder.cfx
          c:\commy.exe\PEV.cfxxe
          c:\commy.exe\pev.exe
          c:\commy.exe\PING.cfxxe
          c:\commy.exe\Policies.dat
          c:\commy.exe\powp.dat
          c:\commy.exe\Prep.inf
          c:\commy.exe\ProfilesFile.cfx
          c:\commy.exe\ProfilesFolder.cfx
          c:\commy.exe\ProgramsFile.cfx
          c:\commy.exe\ProgramsFolder.cfx
          c:\commy.exe\Purity.dat
          c:\commy.exe\PV.cfxxe
          c:\commy.exe\pv.com
          c:\commy.exe\RCLink.dat
          c:\commy.exe\REGDACL.sed
          c:\commy.exe\RegDo.sed
          c:\commy.exe\region.dat
          c:\commy.exe\RegScan.cmd
          c:\commy.exe\RegScan64.cmd
          c:\commy.exe\Resident.txt
          c:\commy.exe\restore_pt.vbs
          c:\commy.exe\Rkey.cmd
          c:\commy.exe\rmbr.cfxxe
          c:\commy.exe\rogues.dat
          c:\commy.exe\ROUTE.cfxxe
          c:\commy.exe\run2.sed
          c:\commy.exe\Rust.str
          c:\commy.exe\s0rt.cfxxe
          c:\commy.exe\safeboot.dat
          c:\commy.exe\safeboot.def.dat
          c:\commy.exe\safeboot.def.vista.dat
          c:\commy.exe\Safeboot.def.w7.dat
          c:\commy.exe\sed.cfxxe
          c:\commy.exe\SetEnvmt.bat
          c:\commy.exe\setpath.cfxxe
          c:\commy.exe\SF.exe
          c:\commy.exe\sfx.cmd
          c:\commy.exe\SnapShot.cmd
          c:\commy.exe\SRestore.cmd
          c:\commy.exe\srizbi.md5
          c:\commy.exe\Start_dat
          c:\commy.exe\StartMenuFile.cfx
          c:\commy.exe\StartMenuFolder.cfx
          c:\commy.exe\StartUpFile.cfx
          c:\commy.exe\SuppScan.cmd
          c:\commy.exe\svc_wht.dat
          c:\commy.exe\SvcDrv.vbs
          c:\commy.exe\svchost.dat
          c:\commy.exe\svchost.vista.dat
          c:\commy.exe\svchost.vista.x64.dat
          c:\commy.exe\svchost.w7.dat
          c:\commy.exe\svchost.w7.x64.dat
          c:\commy.exe\SWREG.cfxxe
          c:\commy.exe\swreg.exe
          c:\commy.exe\swsc.cfxxe
          c:\commy.exe\swxcacls.cfxxe
          c:\commy.exe\system_ini.dat
          c:\commy.exe\tail.cfxxe
          c:\commy.exe\TemplatesFile.cfx
          c:\commy.exe\TemplatesFolder.cfx
          c:\commy.exe\toolbar.sed
          c:\commy.exe\Update-CF.cmd
          c:\commy.exe\VerCF.bat
          c:\commy.exe\version.txt
          c:\commy.exe\VInfo
          c:\commy.exe\VInfo2
          c:\commy.exe\Vipev.dat
          c:\commy.exe\vistaMcode.dat
          c:\commy.exe\vistareg.dat
          c:\commy.exe\vun.dat
          c:\commy.exe\VwinTemp.dacl
          c:\commy.exe\w_sock.dll
          c:\commy.exe\w2k_sock.dll
          c:\commy.exe\w2kreg.dat
          c:\commy.exe\w7Mcode.dat
          c:\commy.exe\w7reg.dat
          c:\commy.exe\Wmi_rem.vbs
          c:\commy.exe\XP.mac
          c:\commy.exe\xpmcode.dat
          c:\commy.exe\xpreg.dat
          c:\commy.exe\XPSBoot.reg
          c:\commy.exe\zDomain.dat
          c:\commy.exe\zhsvc.dat
          c:\commy.exe\zip.cfxxe
          c:\documents and settings\All Users\Application Data\D0D8791290.sys
          .
          .
          (((((((((((((((((((((((((   Files Created from 2012-06-17 to 2012-07-17  )))))))))))))))))))))))))))))))
          .
          .
          2012-07-15 22:38 . 2012-07-16 14:23   --------   d-----w-   c:\documents and settings\NewUser\Application Data\Media Finder
          2012-07-01 03:45 . 2012-07-01 03:45   --------   d-----w-   c:\documents and settings\NewUser\Local Settings\Application Data\Sun
          2012-07-01 03:44 . 2012-07-15 05:44   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
          2012-07-01 03:44 . 2012-07-15 05:44   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
          2012-07-01 03:07 . 2012-07-01 03:07   --------   d-----w-   c:\program files\Oracle
          2012-07-01 03:07 . 2012-07-01 03:07   --------   d-----w-   c:\documents and settings\NewUser\Application Data\Oracle
          2012-07-01 03:07 . 2012-05-05 02:29   143872   ----a-w-   c:\windows\system32\javacpl.cpl
          2012-07-01 03:07 . 2012-05-05 02:29   772504   ----a-w-   c:\windows\system32\npDeployJava1.dll
          .
          .
          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2012-07-03 20:46 . 2010-09-14 18:21   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2012-06-02 22:19 . 2010-02-12 16:06   22040   ----a-w-   c:\windows\system32\wucltui.dll.mui
          2012-06-02 22:19 . 2010-02-12 16:06   15384   ----a-w-   c:\windows\system32\wuaucpl.cpl.mui
          2012-06-02 22:19 . 2006-03-10 22:32   329240   ----a-w-   c:\windows\system32\wucltui.dll
          2012-06-02 22:19 . 2006-03-10 22:32   219160   ----a-w-   c:\windows\system32\wuaucpl.cpl
          2012-06-02 22:19 . 2006-03-10 22:32   210968   ----a-w-   c:\windows\system32\wuweb.dll
          2012-06-02 22:19 . 2010-02-12 16:06   15384   ----a-w-   c:\windows\system32\wuapi.dll.mui
          2012-06-02 22:19 . 2006-03-10 22:32   35864   ----a-w-   c:\windows\system32\wups.dll
          2012-06-02 22:19 . 2006-03-07 22:40   53784   ----a-w-   c:\windows\system32\wuauclt.exe
          2012-06-02 22:19 . 2005-05-26 12:16   45080   ----a-w-   c:\windows\system32\wups2.dll
          2012-06-02 22:19 . 2003-03-31 12:00   97304   ----a-w-   c:\windows\system32\cdm.dll
          2012-06-02 22:19 . 2010-02-12 16:06   17944   ----a-w-   c:\windows\system32\wuaueng.dll.mui
          2012-06-02 22:19 . 2006-03-10 22:32   577048   ----a-w-   c:\windows\system32\wuapi.dll
          2012-06-02 22:19 . 2006-03-07 22:40   1933848   ----a-w-   c:\windows\system32\wuaueng.dll
          2012-06-02 22:18 . 2010-02-12 16:06   17136   ----a-w-   c:\windows\system32\mucltui.dll.mui
          2012-06-02 22:18 . 2006-08-02 02:08   275696   ----a-w-   c:\windows\system32\mucltui.dll
          2012-06-02 22:18 . 2005-05-26 11:19   214256   ----a-w-   c:\windows\system32\muweb.dll
          2012-05-05 02:29 . 2010-09-14 18:28   687504   ----a-w-   c:\windows\system32\deployJava1.dll
          2006-09-05 00:59 . 2006-09-05 00:59   34384   ----a-w-   c:\program files\mozilla firefox\plugins\atgpcdec.dll
          2006-09-05 00:59 . 2006-09-05 00:59   93848   ----a-w-   c:\program files\mozilla firefox\plugins\atgpcext.dll
          2012-06-17 19:42 . 2012-04-18 05:49   85472   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
          .
          .
          ------- Sigcheck -------
          Note: Unsigned files aren't necessarily malware.
          .
          [-] 2011-11-02 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
          [-] 2011-11-02 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
          [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
          [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
          [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
          [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
          [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\ERDNT\cache\tcpip.sys
          [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
          [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
          [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
          [-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
          [-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2GDR\tcpip.sys
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
          @="{472083B0-C522-11CF-8763-00608CC02F24}"
          [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
          2011-11-28 18:01   122512   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
          .
          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
          "SetDefaultMidi"="MIDIDEF.EXE" [2003-06-20 49152]
          .
          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-03 113024]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
          .
          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
          BootExecute   REG_MULTI_SZ      autocheck autochk *\0SsiEfr.e
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
          @=""
          .
          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
          backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
          c:\windows\system32\dumprep 0 -k [X]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
          2012-01-03 07:37   843712   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
          2011-09-05 17:04   35736   ----a-w-   c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
          2010-03-06 10:44   500208   ----a-w-   c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
          2010-02-22 11:57   406992   ----a-w-   c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
          2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
          2007-04-09 19:32   19456   ----a-w-   c:\windows\system32\CtHelper.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
          2011-07-28 23:08   1259376   ----a-w-   c:\program files\DivX\DivX Update\DivXUpdate.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
          2011-01-05 08:18   133432   ----a-w-   c:\program files\ICQ7.2\ICQ.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
          2011-03-07 22:33   421160   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
          2010-01-12 06:17   13666408   ----a-w-   c:\windows\system32\nvcpl.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
          2010-01-12 06:17   110696   ----a-w-   c:\windows\system32\nvmctray.dll
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          2010-11-30 00:38   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
          2003-07-15 20:36   319488   ----a-w-   c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
          2003-10-21 18:43   868352   ----a-w-   c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
          2003-05-02 02:44   65536   ----a-w-   c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
          2012-01-17 18:07   252296   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
          2010-02-19 20:37   517096   ----a-w-   c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
          "YahooAUService"=2 (0x2)
          "SwitchBoard"=3 (0x3)
          "PrismXL"=2 (0x2)
          "MDM"=2 (0x2)
          "JavaQuickStarterService"=2 (0x2)
          "iPod Service"=3 (0x3)
          "idsvc"=3 (0x3)
          "IDriverT"=3 (0x3)
          "ICQ Service"=2 (0x2)
          "hasplms"=2 (0x2)
          "Bonjour Service"=2 (0x2)
          "Ati HotKey Poller"=2 (0x2)
          "Apple Mobile Device"=2 (0x2)
          "nvsvc"=2 (0x2)
          "gupdate"=2 (0x2)
          "FLEXnet Licensing Service"=3 (0x3)
          "WMPNetworkSvc"=3 (0x3)
          "McComponentHostService"=3 (0x3)
          "!SASCORE"=2 (0x2)
          "AdobeFlashPlayerUpdateSvc"=3 (0x3)
          .
          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
          "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
          "c:\\Program Files\\ICQ7.2\\ICQ.exe"=
          "c:\\Program Files\\ICQ7.2\\aolload.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=
          .
          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "1947:TCP"= 1947:TCP:HASP SRM
          "1947:UDP"= 1947:UDP:HASP SRM
          .
          R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/9/2012 10:03 PM 435032]
          R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/9/2012 10:03 PM 314456]
          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 11:25 AM 12880]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67664]
          R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/9/2012 10:03 PM 20568]
          S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/13/2010 9:22 AM 102448]
          S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 5:53 PM 113120]
          S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
          S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 10:48 AM 116608]
          S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/30/2012 8:44 PM 250056]
          S4 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
          S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9/3/2010 1:13 PM 246520]
          S4 McComponentHostService;McAfee Security Scan Component Host Service;

          S4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
          .
          --- Other Services/Drivers In Memory ---
          .
          *NewlyCreated* - 79875281
          *Deregistered* - 79875281
          .
          Contents of the 'Scheduled Tasks' folder
          .
          2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
          - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 05:44]
          .
          2012-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
          - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
          .
          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://start.icq.com/
          uInternet Settings,ProxyOverride = *.local
          IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
          TCP: DhcpNameServer = 192.168.1.1
          DPF: {82836898-30F4-4813-9A2F-120C012E44E7} - hxxp://www.dsvanywhere.com/appeon/weblibrary_ax/ceondownloadcenter.cab
          DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
          DPF: {C1417ACD-9FFB-4B26-8060-ED6B55F04CCE} - (local)
          FF - ProfilePath - c:\documents and settings\NewUser\Application Data\Mozilla\Firefox\Profiles\jtpbkl07.default\
          FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
          FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=2&q=
          .
          - - - - ORPHANS REMOVED - - - -
          .
          BHO-{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - (no file)
          Toolbar-10 - (no file)
          HKCU-Run-Media Finder - c:\program files\Media Finder\Media Finder.exe
          ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
          AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
          .
          .
          .
          **************************************************************************
          .
          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2012-07-17 16:18
          Windows 5.1.2600 Service Pack 3 NTFS
          .
          scanning hidden processes ... 
          .
          scanning hidden autostart entries ...
          .
          scanning hidden files ... 
          .
          scan completed successfully
          hidden files: 0
          .
          **************************************************************************
          .
          --------------------- LOCKED REGISTRY KEYS ---------------------
          .
          [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
          @DACL=(02 0000)
          @="802.3 Group Policy"
          "DisplayName"=expand:"@dot3gpclnt.dll,-100"
          "ProcessGroupPolicyEx"="ProcessLANPolicyEx"
          "GenerateGroupPolicy"="GenerateLANPolicy"
          "DllName"=expand:"dot3gpclnt.dll"
          "NoUserPolicy"=dword:00000001
          "NoGPOListChanges"=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
          @DACL=(02 0000)
          @="Microsoft Offline Files"
          "DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
          "EnableAsynchronousProcessing"=dword:00000000
          "NoBackgroundPolicy"=dword:00000000
          "NoGPOListChanges"=dword:00000000
          "NoMachinePolicy"=dword:00000000
          "NoSlowLink"=dword:00000000
          "NoUserPolicy"=dword:00000001
          "PerUserLocalSettings"=dword:00000000
          "ProcessGroupPolicy"="ProcessGroupPolicy"
          "RequiresSuccessfulRegistry"=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
          @DACL=(02 0000)
          "Asynchronous"=dword:00000001
          "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
          "Startup"="WlDimsStartup"
          "Shutdown"="WlDimsShutdown"
          "Logon"="WlDimsLogon"
          "Logoff"="WlDimsLogoff"
          "StartShell"="WlDimsStartShell"
          "Lock"="WlDimsLock"
          "Unlock"="WlDimsUnlock"
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------
          .
          - - - - - - - > 'winlogon.exe'(612)
          c:\program files\SUPERAntiSpyware\SASWINLO.DLL
          c:\windows\system32\WININET.dll
          c:\windows\system32\Ati2evxx.dll
          .
          Completion time: 2012-07-17  16:24:06
          ComboFix-quarantined-files.txt  2012-07-17 23:24
          .
          Pre-Run: 26,603,859,968 bytes free
          Post-Run: 26,551,021,568 bytes free
          .
          WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
          [boot loader]
          timeout=2
          default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
          [operating systems]
          c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
          UnsupportedDebug="do not select this" /debug
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
          .
          - - End Of File - - 1009F63F29C0FCB0845096CF47D7482D
          ===========================================================================

          Ok here are quarantine files

          2012-07-17 22:52:58 . 2010-04-15 01:21:30              520 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\netsvc.bad.dat.vir
          2012-07-17 22:52:58 . 2010-08-10 11:32:44              677 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Fin.dat.vir
          2012-07-17 22:52:58 . 2010-09-05 14:07:30              224 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Imefile.dat.vir
          2012-07-17 22:52:58 . 2000-08-31 15:00:00              225 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\LocalService.dat.vir
          2012-07-17 22:52:58 . 2000-08-31 15:00:00               91 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\LocalServiceNetworkRestricted.dat.vir
          2012-07-17 22:52:58 . 2010-04-18 00:21:48              472 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\CregC.dat.vir
          2012-07-17 22:52:58 . 2011-01-25 22:23:03          536,104 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Creg.dat.vir
          2012-07-17 22:52:58 . 2010-11-27 10:07:20            2,181 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\023v.dat.vir
          2012-07-17 22:52:58 . 2010-02-13 08:55:28              660 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\023w7.dat.vir
          2012-07-17 22:52:57 . 2010-10-02 09:54:32           40,797 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\023.dat.vir
          2012-07-17 22:52:57 . 2010-08-01 00:05:38              244 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\VwinTemp.dacl.vir
          2012-07-17 22:52:57 . 2010-08-29 18:30:24            2,141 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\mbr.chk.vir
          2012-07-17 22:52:57 . 2000-08-31 15:00:00           68,096 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\zip.cfxxe.vir
          2012-07-17 22:52:57 . 1999-11-10 15:00:00           35,328 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\tail.cfxxe.vir
          2012-07-17 22:52:57 . 2000-08-31 15:00:00          212,480 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\swxcacls.cfxxe.vir
          2012-07-17 22:52:57 . 2000-08-31 15:00:00          136,704 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\swsc.cfxxe.vir
          2012-07-17 22:52:57 . 2000-08-31 15:00:00           31,014 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\setpath.cfxxe.vir
          2012-07-17 22:52:57 . 2000-08-31 15:00:00           98,816 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\sed.cfxxe.vir
          2012-07-17 22:52:57 . 1999-11-11 07:00:00           38,400 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\s0rt.cfxxe.vir
          2012-07-17 22:52:57 . 2010-11-08 08:20:24           89,088 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\rmbr.cfxxe.vir
          2012-07-17 22:52:57 . 2002-09-29 20:01:16           68,096 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\pausep.cfxxe.vir
          2012-07-17 22:52:57 . 2009-04-20 19:56:26           30,720 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\NirCmdC.cfxxe.vir
          2012-07-17 22:52:57 . 2009-04-20 19:56:28           31,232 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\NirCmd.cfxxe.vir
          2012-07-17 22:52:57 . 2000-08-31 15:00:00           11,264 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\mtee.cfxxe.vir
          2012-07-17 22:52:57 . 2009-10-25 13:11:34           77,312 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\mbr.cfxxe.vir
          2012-07-17 22:52:57 . 2008-11-18 20:15:14          173,936 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\handle.cfxxe.vir
          2012-07-17 22:52:57 . 2000-08-31 15:00:00           15,360 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\gsar.cfxxe.vir
          2012-07-17 22:52:56 . 2000-08-31 15:00:00           80,412 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\grep.cfxxe.vir
          2012-07-17 22:52:56 . 2000-08-31 15:00:00          145,920 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\FileKill.cfxxe.vir
          2012-07-17 22:52:56 . 2000-08-31 15:00:00           52,736 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\extract.cfxxe.vir
          2012-07-17 22:52:56 . 2005-10-21 03:00:28          157,696 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\ERUNT.cfxxe.vir
          2012-07-17 22:52:56 . 2000-08-31 15:00:00           51,200 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\dumphive.cfxxe.vir
          2012-07-17 22:52:56 . 2010-08-23 12:14:40          101,376 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\dd.cfxxe.vir
          2012-07-17 22:52:56 . 2000-08-31 15:00:00          141,312 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\ComboFix-Download.cfxxe.vir
          2012-07-17 22:52:56 . 2009-04-18 00:37:10          147,456 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\catchme.cfxxe.vir
          2012-07-17 22:52:56 . 2011-01-18 03:34:28            3,378 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\TemplatesFile.cfx.vir
          2012-07-17 22:52:56 . 2010-12-31 04:25:15               62 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\TemplatesFolder.cfx.vir
          2012-07-17 22:52:56 . 2011-01-24 14:06:27            4,636 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\StartMenuFile.cfx.vir
          2012-07-17 22:52:56 . 2011-01-03 04:20:21              447 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\StartMenuFolder.cfx.vir
          2012-07-17 22:52:56 . 2011-01-26 15:08:15            8,285 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\StartUpFile.cfx.vir
          2012-07-17 22:52:56 . 2011-01-24 23:10:19              798 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\ProfilesFolder.cfx.vir
          2012-07-17 22:52:56 . 2011-01-11 17:12:26            3,933 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\ProgramsFile.cfx.vir
          2012-07-17 22:52:56 . 2011-01-20 18:30:51           13,498 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\ProgramsFolder.cfx.vir
          2012-07-17 22:52:56 . 2011-01-13 19:37:50            3,589 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\PersonalFile.cfx.vir
          2012-07-17 22:52:56 . 2011-01-10 00:40:12              119 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\PersonalFolder.cfx.vir
          2012-07-17 22:52:56 . 2011-01-25 16:15:51           12,581 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\ProfilesFile.cfx.vir
          2012-07-17 22:52:56 . 2010-09-05 23:52:14               20 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\FavoriteFolder.cfx.vir
          2012-07-17 22:52:56 . 2011-01-25 03:40:48            6,461 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\FavoritesFile.cfx.vir
          2012-07-17 22:52:56 . 2011-01-15 07:45:54            4,250 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\LocalAppDataFile.cfx.vir
          2012-07-17 22:52:56 . 2010-12-31 04:32:49            2,902 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\LocalAppDataFolder.cfx.vir
          2012-07-17 22:52:56 . 2011-01-10 00:39:45            2,795 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\LocalSettingsFile.cfx.vir
          2012-07-17 22:52:56 . 2011-01-20 18:30:41            7,892 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\DesktopFile.cfx.vir
          2012-07-17 22:52:56 . 2011-01-26 15:07:17           13,737 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\AppDataFolder.cfx.vir
          2012-07-17 22:52:56 . 2011-01-26 15:07:22           27,627 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\AppDataFile.cfx.vir
          2012-07-17 22:52:56 . 2000-08-31 15:00:00            6,760 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\appinit.bad.vir
          2012-07-17 22:52:56 . 2010-09-17 07:30:50            4,327 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\VInfo.vir
          2012-07-17 22:52:56 . 2011-01-24 19:15:33            9,713 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\VInfo2.vir
          2012-07-17 22:52:56 . 2010-08-20 06:16:34            1,024 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Combo-Fix.sys.vir
          2012-07-17 22:52:56 . 2009-06-21 22:34:24           90,202 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\w2k_sock.dll.vir
          2012-07-17 22:52:56 . 2009-06-21 21:45:40           98,948 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\w_sock.dll.vir
          2012-07-17 22:52:56 . 2010-08-30 11:45:49           38,901 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\ffdefstr.dll.vir
          2012-07-17 22:52:56 . 2000-08-31 15:00:00          161,792 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\swreg.exe.vir
          2012-07-17 22:52:54 . 2010-04-26 22:58:12          256,512 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\pev.exe.vir
          2012-07-17 22:52:52 . 2009-04-20 19:56:28           31,232 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\iexplore.exe.vir
          2012-07-17 22:52:52 . 2005-08-16 08:54:58            1,536 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\hidec.exe.vir
          2012-07-17 22:52:50 . 2006-03-03 06:42:40           73,728 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\pv.com.vir
          2012-07-17 22:52:50 . 2010-12-25 08:12:32            8,512 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\ncmd.com.vir
          2012-07-17 22:52:50 . 2010-12-09 09:39:40            2,898 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Prep.inf.vir
          2012-07-17 22:52:50 . 2011-01-26 15:11:42          266,578 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\clsid.c.vir
          2012-07-17 22:52:50 . 2011-01-26 15:11:42          982,956 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\badclsid.c.vir
          2012-07-17 22:52:50 . 2010-12-22 07:29:05            3,934 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Update-CF.cmd.vir
          2012-07-17 22:52:50 . 2010-12-13 19:34:13           19,948 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\SuppScan.cmd.vir
          2012-07-17 22:52:50 . 2010-10-14 18:17:56            4,630 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\SnapShot.cmd.vir
          2012-07-17 22:52:50 . 2010-10-21 22:35:38            2,146 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\SRestore.cmd.vir
          2012-07-17 22:52:50 . 2009-11-15 12:35:16              442 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Rkey.cmd.vir
          2012-07-17 22:52:50 . 2010-12-23 21:53:34           20,100 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\RegScan64.cmd.vir
          2012-07-17 22:52:50 . 2010-12-23 21:58:21           53,691 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\RegScan.cmd.vir
          2012-07-17 22:52:50 . 2010-10-04 01:37:46            1,695 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Kill-All.cmd.vir
          2012-07-17 22:52:50 . 2010-12-25 06:40:16           37,516 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\NT-OS.cmd.vir
          2012-07-17 22:52:49 . 2010-12-25 06:33:45            1,333 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\katch.cmd.vir
          2012-07-17 22:52:49 . 2010-09-06 06:15:44            8,004 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Install-RC.cmd.vir
          2012-07-17 22:52:49 . 2010-01-04 03:41:36            1,085 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\FKMGen.cmd.vir
          2012-07-17 22:52:49 . 2010-10-23 01:02:12            5,979 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\GetHive.cmd.vir
          2012-07-17 22:52:49 . 2010-10-04 10:52:26            3,342 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\CregC.cmd.vir
          2012-07-17 22:52:49 . 2009-12-24 04:49:36            1,686 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\CSet.cmd.vir
          2012-07-17 22:52:49 . 2011-01-24 19:29:42            8,028 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\FD-SV.cmd.vir
          2012-07-17 22:52:49 . 2011-01-11 21:38:58           18,215 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Create.cmd.vir
          2012-07-17 22:52:49 . 2010-10-21 23:45:48            1,080 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Catch-sub.cmd.vir
          2012-07-17 22:52:49 . 2010-12-13 05:06:30           29,591 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\CF-Script.cmd.vir
          2012-07-17 22:52:49 . 2011-01-13 19:42:09            3,586 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\av.cmd.vir
          2012-07-17 22:52:49 . 2009-11-16 08:03:56              659 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\AWF.cmd.vir
          2012-07-17 22:52:49 . 2010-12-19 08:08:22            4,808 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Boot-Rk.cmd.vir
          2012-07-17 22:52:49 . 2010-09-06 06:15:44            5,014 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Auto-RC.cmd.vir
          2012-07-17 22:52:49 . 2010-04-16 05:11:36            4,144 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Assoc.cmd.vir
          2012-07-17 22:52:49 . 2010-12-09 18:43:47           16,896 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\SetEnvmt.bat.vir
          2012-07-17 22:52:49 . 2010-10-12 20:12:18            2,834 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\MoveIt.bat.vir
          2012-07-17 22:52:49 . 2010-10-29 01:21:08           64,146 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\ND_.bat.vir
          2012-07-17 22:52:49 . 2011-01-26 15:11:20        1,426,157 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\List.bat.vir
          2012-07-17 22:52:48 . 2010-11-16 07:28:58          111,168 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\List-D.bat.vir
          2012-07-17 22:52:48 . 2011-01-26 15:09:02          230,108 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\List-C.bat.vir
          2012-07-17 22:52:48 . 2011-01-26 15:10:47           17,894 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\List-B.bat.vir
          2012-07-17 22:52:48 . 2009-10-21 00:25:36              954 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\history.bat.vir
          2012-07-17 22:52:48 . 2010-12-02 01:19:06          215,364 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Lang.bat.vir
          2012-07-17 22:52:48 . 2010-10-23 23:41:14            4,777 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\FIXLSP.bat.vir
          2012-07-17 22:52:48 . 2010-11-16 07:26:22           31,154 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\FIND3M.bat.vir
          2012-07-17 22:52:48 . 2010-05-04 10:31:20            2,016 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\DelClsid.bat.vir
          2012-07-17 22:52:48 . 2010-05-04 10:38:48            2,025 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\DelClsid64.bat.vir
          2012-07-17 22:52:48 . 2010-11-16 07:27:38            7,733 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Combobatch.bat.vir
          2012-07-17 22:52:48 . 2011-01-24 19:45:47           62,276 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\c.bat.vir
          2012-07-17 22:52:48 . 2010-11-26 06:54:44            8,418 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\Boot.bat.vir
          2011-02-15 15:35:31 . 2011-02-22 09:32:51               88 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\D0D8791290.sys.vir
          2006-06-10 21:42:26 . 2006-06-10 21:42:26           49,152 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\SF.exe.vir
          2006-03-03 06:42:40 . 2006-03-03 06:42:40           73,728 ----a-w-  C:\Qoobox\Quarantine\C\commy.exe\PV.cfxxe.vir


          roco


            Re: I think my system is infected
            « Reply #6 on: July 20, 2012, 08:09:35 AM »
            Hi Dave, I found this link www.bleepingcomputer.com/forums/topic290138.html that provides a way to restore lost files caused by combofix. I will wait for your ok before I run this.

            Thanks

            SuperDave

            • Malware Removal Specialist


            • Sage
            • Thanked: 848
            • Certifications: List
            • Experience: Expert
            • OS: Windows 8
            Re: I think my system is infected
            « Reply #7 on: July 20, 2012, 04:37:48 PM »
            Please try running MBAM in Safe Mode.
            That was in 2010 and ComboFix has been stable since then. I know how to restore files in ComboFix. Did you try System Restore to a date before you ran ComboFix, which would be July 12/12? Do you have your OS disk?
            Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8 with a dual boot to Windows XP  Home with SP3, Avira  with Windows Firewall & Windows Defender

            roco


              Re: I think my system is infected
              « Reply #8 on: July 20, 2012, 05:34:08 PM »
              Hi, I tried running MBAM in safe mode, but I get that same run time 372 error. No, I didn't try a system restore yet, but if you want me to I will np.

              Yes, I think I have the disc around here somewhere. But just so you know, the version of combofix that I ran was one that was still on my desktop, but it did prompt me to update though. Plus some of the symptoms are very much like mine after the combofix run.

              Thanks

              roco


                Re: I think my system is infected
                « Reply #9 on: July 21, 2012, 01:14:27 AM »
                Hi, I tried to do a system restore but it would not allow me. I was missing some file that prevented me from getting to the restore screen, even in safe mode.

                I found my xp cd, and ran a repair. But during the installation I got a few errors, but when it finished almost everything seems to be fine.


                I am now able to run my avast and no infections.

                Ran Malwarebytes and No malicious items detected


                While most of my files are restored, I still can not access my firewall, getting an Error 1075.

                I will wait for more instructions.

                Thanks

                SuperDave

                Re: I think my system is infected
                « Reply #10 on: July 21, 2012, 01:28:22 PM »
                Let's see what's on your computer for security.

                Download Security Check by screen317 from one of the following links and save it to your desktop.

                Link 1
                Link 2

                * Double-click Security Check.bat
                * Follow the on-screen instructions inside of the black box.
                * A Notepad document should open automatically called checkup.txt
                * Post the contents of that document in your next reply.

                Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

                roco


                  Re: I think my system is infected
                  « Reply #11 on: July 21, 2012, 02:11:21 PM »
                  Hi Dave,

                  I just realized that I used the wrong Repair disc. It is the service pack 2 disk used for my laptop, and I can't find the service pack 3 disk at all. It seems to be working just fine though, so should I just leave it as is?

                  Here are the scan results for Security Check
                   Results of screen317's Security Check version 0.99.43 
                   Windows XP Service Pack 2 x86   
                   Out of date service pack!!
                   Internet Explorer 6 Out of date!
                  ``````````````Antivirus/Firewall Check:``````````````
                   Windows Security Center service is not running! This report may not be accurate!
                   avast! Free Antivirus   
                  `````````Anti-malware/Other Utilities Check:`````````
                   SUPERAntiSpyware     
                   Malwarebytes Anti-Malware version 1.62.0.1300 
                   CCleaner     
                   JavaFX 2.1.1   
                   Java(TM) 7 Update 5 
                   Adobe Flash Player    11.3.300.265 
                   Adobe Reader X (10.1.1)
                   Mozilla Firefox (14.0.1)
                  ````````Process Check: objlist.exe by Laurent````````
                  `````````````````System Health check`````````````````
                   Total Fragmentation on Drive C:: 20% Defragment your hard drive soon!
                  ````````````````````End of Log``````````````````````


                  Ok, just changed my automatic updates so SP3 can be installed.

                  SuperDave

                  Re: I think my system is infected
                  « Reply #12 on: July 21, 2012, 05:48:47 PM »
                  You should just leave it as is. You really should update your Internet Explorer.