Hi, and thanks for helping me out with this, Super Dave.
I ran RKill and nothing was found.
============================
I tried to run MBAM and got the same "runtime error 372" error.
==============================
OK, here are the ComboFix files, along with the quarantine files.
ComboFix 12-07-16.01 - NewUser 07/17/2012 16:01:57.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1020 [GMT -7:00]
Running from: c:\documents and settings\NewUser\My Documents\Downloads\commy.exe.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\commy.exe
c:\commy.exe\023.dat
c:\commy.exe\023v.dat
c:\commy.exe\023w7.dat
c:\commy.exe\AppDataFile.cfx
c:\commy.exe\AppDataFolder.cfx
c:\commy.exe\appinit.bad
c:\commy.exe\asp.str
c:\commy.exe\Assoc.cmd
c:\commy.exe\ATTRIB.cfxxe
c:\commy.exe\Auto-RC.cmd
c:\commy.exe\av.cmd
c:\commy.exe\av.vbs
c:\commy.exe\AWF.cmd
c:\commy.exe\badclsid.c
c:\commy.exe\Boot-Rk.cmd
c:\commy.exe\Boot.bat
c:\commy.exe\BootDrv.vbs
c:\commy.exe\c.bat
c:\commy.exe\c.mrk
c:\commy.exe\Catch-sub.cmd
c:\commy.exe\catchme.cfxxe
c:\commy.exe\CCS.bat
c:\commy.exe\CF-Script.cmd
c:\commy.exe\CF27121.cfxxe
c:\commy.exe\CFVersionOld
c:\commy.exe\CHCP.bat
c:\commy.exe\clsid.c
c:\commy.exe\Combobatch.bat
c:\commy.exe\ComboFix-Download.cfxxe
c:\commy.exe\Create.cmd
c:\commy.exe\Creg.dat
c:\commy.exe\CregC.cmd
c:\commy.exe\CregC.dat
c:\commy.exe\CSCRIPT.cfxxe
c:\commy.exe\CSet.cmd
c:\commy.exe\dd.cfxxe
c:\commy.exe\ddsDo.sed
c:\commy.exe\DelClsid.bat
c:\commy.exe\DelClsid64.bat
c:\commy.exe\desktop.ini
c:\commy.exe\DesktopFile.cfx
c:\commy.exe\DPF.str
c:\commy.exe\DrvRun.vbs
c:\commy.exe\dumphive.cfxxe
c:\commy.exe\embedded.sed
c:\commy.exe\ERDNT.e_e
c:\commy.exe\ERDNTDOS.LOC
c:\commy.exe\ERDNTWIN.LOC
c:\commy.exe\ERUNT.cfxxe
c:\commy.exe\erunt.dat
c:\commy.exe\ERUNT.LOC
c:\commy.exe\Exe.reg
c:\commy.exe\extract.cfxxe
c:\commy.exe\FavoriteFolder.cfx
c:\commy.exe\FavoritesFile.cfx
c:\commy.exe\FD-SV.cmd
c:\commy.exe\ffdefstr.dll
c:\commy.exe\FileKill.cfxxe
c:\commy.exe\files.pif
c:\commy.exe\Fin.dat
c:\commy.exe\FIND3M.bat
c:\commy.exe\FIXLSP.bat
c:\commy.exe\FKMGen.cmd
c:\commy.exe\ForeignWht
c:\commy.exe\GetHive.cmd
c:\commy.exe\grep.cfxxe
c:\commy.exe\gsar.cfxxe
c:\commy.exe\handle.cfxxe
c:\commy.exe\hidec.exe
c:\commy.exe\history.bat
c:\commy.exe\hwid.pif
c:\commy.exe\iexplore.exe
c:\commy.exe\image001.gif
c:\commy.exe\Imefile.dat
c:\commy.exe\Install-RC.cmd
c:\commy.exe\katch.cmd
c:\commy.exe\Kill-All.cmd
c:\commy.exe\kmd.dat
c:\commy.exe\Lang.bat
c:\commy.exe\List-B.bat
c:\commy.exe\List-C.bat
c:\commy.exe\List-D.bat
c:\commy.exe\List.bat
c:\commy.exe\lnkread.vbs
c:\commy.exe\LocalAppDataFile.cfx
c:\commy.exe\LocalAppDataFolder.cfx
c:\commy.exe\LocalService.dat
c:\commy.exe\LocalServiceNetworkRestricted.dat
c:\commy.exe\LocalSettingsFile.cfx
c:\commy.exe\LocalSystemNetworkRestricted.dat
c:\commy.exe\mbr.cfxxe
c:\commy.exe\mbr.chk
c:\commy.exe\md5sum.pif
c:\commy.exe\Mirrors
c:\commy.exe\MoveIt.bat
c:\commy.exe\mtee.cfxxe
c:\commy.exe\MtPt00
c:\commy.exe\mynul.dat
c:\commy.exe\n.pif
c:\commy.exe\N_\10804
c:\commy.exe\N_\15753
c:\commy.exe\N_\16375
c:\commy.exe\N_\17540
c:\commy.exe\N_\17845
c:\commy.exe\N_\18166
c:\commy.exe\N_\19427
c:\commy.exe\N_\21633
c:\commy.exe\N_\25232
c:\commy.exe\N_\25314
c:\commy.exe\N_\25494
c:\commy.exe\N_\2833
c:\commy.exe\N_\30135
c:\commy.exe\N_\31687
c:\commy.exe\N_\3245
c:\commy.exe\N_\4167
c:\commy.exe\N_\7523
c:\commy.exe\N_\8204
c:\commy.exe\N_\pingtest
c:\commy.exe\ncmd.com
c:\commy.exe\ND_.bat
c:\commy.exe\ndis_combofix.dat
c:\commy.exe\netsvc.bad.dat
c:\commy.exe\netsvc.dat
c:\commy.exe\netsvc.vista.dat
c:\commy.exe\netsvc.xp.dat
c:\commy.exe\NetworkService.dat
c:\commy.exe\NirCmd.cfxxe
c:\commy.exe\NircmdB.exe
c:\commy.exe\NirCmdC.cfxxe
c:\commy.exe\NlsLanguageDefault
c:\commy.exe\NT-OS.cmd
c:\commy.exe\NULL
c:\commy.exe\OSid.vbs
c:\commy.exe\OsVer
c:\commy.exe\pausep.cfxxe
c:\commy.exe\PersonalFile.cfx
c:\commy.exe\PersonalFolder.cfx
c:\commy.exe\PEV.cfxxe
c:\commy.exe\pev.exe
c:\commy.exe\PING.cfxxe
c:\commy.exe\Policies.dat
c:\commy.exe\powp.dat
c:\commy.exe\Prep.inf
c:\commy.exe\ProfilesFile.cfx
c:\commy.exe\ProfilesFolder.cfx
c:\commy.exe\ProgramsFile.cfx
c:\commy.exe\ProgramsFolder.cfx
c:\commy.exe\Purity.dat
c:\commy.exe\PV.cfxxe
c:\commy.exe\pv.com
c:\commy.exe\RCLink.dat
c:\commy.exe\REGDACL.sed
c:\commy.exe\RegDo.sed
c:\commy.exe\region.dat
c:\commy.exe\RegScan.cmd
c:\commy.exe\RegScan64.cmd
c:\commy.exe\Resident.txt
c:\commy.exe\restore_pt.vbs
c:\commy.exe\Rkey.cmd
c:\commy.exe\rmbr.cfxxe
c:\commy.exe\rogues.dat
c:\commy.exe\ROUTE.cfxxe
c:\commy.exe\run2.sed
c:\commy.exe\Rust.str
c:\commy.exe\s0rt.cfxxe
c:\commy.exe\safeboot.dat
c:\commy.exe\safeboot.def.dat
c:\commy.exe\safeboot.def.vista.dat
c:\commy.exe\Safeboot.def.w7.dat
c:\commy.exe\sed.cfxxe
c:\commy.exe\SetEnvmt.bat
c:\commy.exe\setpath.cfxxe
c:\commy.exe\SF.exe
c:\commy.exe\sfx.cmd
c:\commy.exe\SnapShot.cmd
c:\commy.exe\SRestore.cmd
c:\commy.exe\srizbi.md5
c:\commy.exe\Start_dat
c:\commy.exe\StartMenuFile.cfx
c:\commy.exe\StartMenuFolder.cfx
c:\commy.exe\StartUpFile.cfx
c:\commy.exe\SuppScan.cmd
c:\commy.exe\svc_wht.dat
c:\commy.exe\SvcDrv.vbs
c:\commy.exe\svchost.dat
c:\commy.exe\svchost.vista.dat
c:\commy.exe\svchost.vista.x64.dat
c:\commy.exe\svchost.w7.dat
c:\commy.exe\svchost.w7.x64.dat
c:\commy.exe\SWREG.cfxxe
c:\commy.exe\swreg.exe
c:\commy.exe\swsc.cfxxe
c:\commy.exe\swxcacls.cfxxe
c:\commy.exe\system_ini.dat
c:\commy.exe\tail.cfxxe
c:\commy.exe\TemplatesFile.cfx
c:\commy.exe\TemplatesFolder.cfx
c:\commy.exe\toolbar.sed
c:\commy.exe\Update-CF.cmd
c:\commy.exe\VerCF.bat
c:\commy.exe\version.txt
c:\commy.exe\VInfo
c:\commy.exe\VInfo2
c:\commy.exe\Vipev.dat
c:\commy.exe\vistaMcode.dat
c:\commy.exe\vistareg.dat
c:\commy.exe\vun.dat
c:\commy.exe\VwinTemp.dacl
c:\commy.exe\w_sock.dll
c:\commy.exe\w2k_sock.dll
c:\commy.exe\w2kreg.dat
c:\commy.exe\w7Mcode.dat
c:\commy.exe\w7reg.dat
c:\commy.exe\Wmi_rem.vbs
c:\commy.exe\XP.mac
c:\commy.exe\xpmcode.dat
c:\commy.exe\xpreg.dat
c:\commy.exe\XPSBoot.reg
c:\commy.exe\zDomain.dat
c:\commy.exe\zhsvc.dat
c:\commy.exe\zip.cfxxe
c:\documents and settings\All Users\Application Data\D0D8791290.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-15 22:38 . 2012-07-16 14:23 -------- d-----w- c:\documents and settings\NewUser\Application Data\Media Finder
2012-07-01 03:45 . 2012-07-01 03:45 -------- d-----w- c:\documents and settings\NewUser\Local Settings\Application Data\Sun
2012-07-01 03:44 . 2012-07-15 05:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-01 03:44 . 2012-07-15 05:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-01 03:07 . 2012-07-01 03:07 -------- d-----w- c:\program files\Oracle
2012-07-01 03:07 . 2012-07-01 03:07 -------- d-----w- c:\documents and settings\NewUser\Application Data\Oracle
2012-07-01 03:07 . 2012-05-05 02:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-01 03:07 . 2012-05-05 02:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 20:46 . 2010-09-14 18:21 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2010-02-12 16:06 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2010-02-12 16:06 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2006-03-10 22:32 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2006-03-10 22:32 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2006-03-10 22:32 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2010-02-12 16:06 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2006-03-10 22:32 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2006-03-07 22:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2005-05-26 12:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2003-03-31 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2010-02-12 16:06 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2006-03-10 22:32 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2006-03-07 22:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2010-02-12 16:06 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 22:18 . 2006-08-02 02:08 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2005-05-26 11:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-05 02:29 . 2010-09-14 18:28 687504 ----a-w- c:\windows\system32\deployJava1.dll
2006-09-05 00:59 . 2006-09-05 00:59 34384 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2006-09-05 00:59 . 2006-09-05 00:59 93848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2012-06-17 19:42 . 2012-04-18 05:49 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-02 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2011-11-02 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2GDR\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2003-06-20 49152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-03 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 10:44 500208 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 11:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 19:32 19456 ----a-w- c:\windows\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 22:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-12 06:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-12 06:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-07-15 20:36 319488 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-10-21 18:43 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-05-02 02:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 18:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 20:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"SwitchBoard"=3 (0x3)
"PrismXL"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"ICQ Service"=2 (0x2)
"hasplms"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"nvsvc"=2 (0x2)
"gupdate"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"McComponentHostService"=3 (0x3)
"!SASCORE"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/9/2012 10:03 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/9/2012 10:03 PM 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 11:25 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/9/2012 10:03 PM 20568]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/13/2010 9:22 AM 102448]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 5:53 PM 113120]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 10:48 AM 116608]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/30/2012 8:44 PM 250056]
S4 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9/3/2010 1:13 PM 246520]
S4 McComponentHostService;McAfee Security Scan Component Host Service;
S4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 79875281
*Deregistered* - 79875281
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 05:44]
.
2012-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {82836898-30F4-4813-9A2F-120C012E44E7} - hxxp://www.dsvanywhere.com/appeon/weblibrary_ax/ceondownloadcenter.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {C1417ACD-9FFB-4B26-8060-ED6B55F04CCE} - (local)
FF - ProfilePath - c:\documents and settings\NewUser\Application Data\Mozilla\Firefox\Profiles\jtpbkl07.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - (no file)
Toolbar-10 - (no file)
HKCU-Run-Media Finder - c:\program files\Media Finder\Media Finder.exe
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-07-17 16:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-07-17 16:24:06
ComboFix-quarantined-files.txt 2012-07-17 23:24
.
Pre-Run: 26,603,859,968 bytes free
Post-Run: 26,551,021,568 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 1009F63F29C0FCB0845096CF47D7482D
===========================================================================
OK, here are the quarantine files:
2012-07-17 23:23:16 . 2012-07-17 23:23:16 1,186 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-KB923789.reg.dat
2012-07-17 23:22:05 . 2012-07-17 23:22:05 161 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034}.reg.dat
2012-07-17 23:21:24 . 2012-07-17 23:21:24 163 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Media Finder.reg.dat
2012-07-17 23:21:19 . 2012-07-17 23:21:19 78 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-10.reg.dat
2012-07-17 23:21:16 . 2012-07-17 23:21:17 783 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}.reg.dat
2012-07-17 23:09:58 . 2012-07-17 23:09:58 5,843 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-07-17 22:55:15 . 2012-07-17 22:55:15 0 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\21633.vir
2012-07-17 22:55:15 . 2012-07-17 22:55:15 0 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\4167.vir
2012-07-17 22:55:15 . 2012-07-17 22:55:15 87 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\17845.vir
2012-07-17 22:55:07 . 2012-07-17 22:55:07 0 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\25232.vir
2012-07-17 22:55:06 . 2012-07-17 22:55:06 0 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\15753.vir
2012-07-17 22:55:05 . 2012-07-17 22:55:07 35 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\version.txt.vir
2012-07-17 22:55:05 . 2012-07-17 22:55:05 0 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\25314.vir
2012-07-17 22:55:05 . 2012-07-17 22:55:05 74 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Mirrors.vir
2012-07-17 22:55:05 . 2012-07-17 22:55:05 199 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\10804.vir
2012-07-17 22:55:04 . 2012-07-17 22:55:05 379 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\18166.vir
2012-07-17 22:55:03 . 2012-07-17 22:55:04 66 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\pingtest.vir
2012-07-17 22:55:03 . 2012-07-17 22:55:03 0 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\7523.vir
2012-07-17 22:55:02 . 2012-07-17 22:55:02 880 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ForeignWht.vir
2012-07-17 22:55:02 . 2012-07-17 22:55:02 0 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\17540.vir
2012-07-17 22:55:02 . 2012-07-17 22:55:02 0 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\16375.vir
2012-07-17 22:55:02 . 2012-07-17 22:55:02 0 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\8204.vir
2012-07-17 22:54:59 . 2012-07-17 22:54:59 0 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\25494.vir
2012-07-17 22:54:59 . 2012-07-17 22:54:59 10 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\erunt.dat.vir
2012-07-17 22:54:59 . 2012-07-17 22:54:59 1,544 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\19427.vir
2012-07-17 22:54:59 . 2012-07-17 22:54:59 24 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\2833.vir
2012-07-17 22:54:59 . 2012-07-17 22:56:25 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-07-17 22:54:59 . 2012-07-17 22:54:59 15 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\kmd.dat.vir
2012-07-17 22:54:59 . 2012-07-17 22:54:59 0 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\31687.vir
2012-07-17 22:54:58 . 2012-07-17 22:54:59 91 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\CCS.bat.vir
2012-07-17 22:54:58 . 2012-07-17 22:54:58 0 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\c.mrk.vir
2012-07-17 22:54:58 . 2012-07-17 22:54:58 0 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\3245.vir
2012-07-17 22:54:58 . 2012-07-17 22:54:58 0 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\NULL.vir
2012-07-17 22:54:58 . 2012-07-17 22:54:58 24 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\N_\30135.vir
2012-07-17 22:54:56 . 2012-07-17 22:54:56 2 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Start_dat.vir
2012-07-17 22:54:56 . 2012-07-17 22:53:41 389,120 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\CF27121.cfxxe.vir
2012-07-17 22:54:26 . 2012-07-17 22:54:55 80 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Resident.txt.vir
2012-07-17 22:54:24 . 2003-03-31 12:00:00 19,968 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ROUTE.cfxxe.vir
2012-07-17 22:54:24 . 2008-04-14 00:12:31 17,920 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\PING.cfxxe.vir
2012-07-17 22:54:24 . 2008-05-07 09:07:23 135,168 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\CSCRIPT.cfxxe.vir
2012-07-17 22:54:23 . 2008-04-14 00:12:12 12,288 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ATTRIB.cfxxe.vir
2012-07-17 22:54:23 . 2012-07-17 22:54:25 14 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\sfx.cmd.vir
2012-07-17 22:54:14 . 2012-07-17 22:54:15 13 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\CFVersionOld.vir
2012-07-17 22:54:13 . 2012-07-17 22:54:13 6 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\NlsLanguageDefault.vir
2012-07-17 22:54:12 . 2012-07-17 22:54:13 16 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\CHCP.bat.vir
2012-07-17 22:54:08 . 2010-04-26 22:58:12 256,512 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\PEV.cfxxe.vir
2012-07-17 22:54:03 . 2009-04-20 19:56:28 31,232 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\NircmdB.exe.vir
2012-07-17 22:53:53 . 2000-08-31 15:00:00 161,792 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\SWREG.cfxxe.vir
2012-07-17 22:53:53 . 2012-07-17 22:54:56 305 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\VerCF.bat.vir
2012-07-17 22:53:52 . 2012-07-17 22:53:52 164 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\MtPt00.vir
2012-07-17 22:53:52 . 2012-07-17 22:53:52 43 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\OsVer.vir
2012-07-17 22:53:52 . 2012-07-17 22:53:52 40 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\XP.mac.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 1,057 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\image001.gif.vir
2012-07-17 22:52:58 . 2010-12-12 10:38:01 1,127 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Wmi_rem.vbs.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 2,176 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\SvcDrv.vbs.vir
2012-07-17 22:52:58 . 2010-12-16 08:49:01 3,246 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\lnkread.vbs.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 977 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\OSid.vbs.vir
2012-07-17 22:52:58 . 2009-05-02 05:26:10 587 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\restore_pt.vbs.vir
2012-07-17 22:52:58 . 2010-04-19 09:44:24 650 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\DrvRun.vbs.vir
2012-07-17 22:52:58 . 2010-12-16 06:02:05 2,933 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\av.vbs.vir
2012-07-17 22:52:58 . 2010-07-27 23:55:16 875 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\BootDrv.vbs.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 746 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\DPF.str.vir
2012-07-17 22:52:58 . 2009-06-10 18:38:44 30 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Rust.str.vir
2012-07-17 22:52:58 . 2009-07-14 06:09:30 602 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\asp.str.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 287 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\run2.sed.vir
2012-07-17 22:52:58 . 2009-10-30 20:26:54 633 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\toolbar.sed.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 303 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\embedded.sed.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 3,558 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\REGDACL.sed.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 9,203 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\RegDo.sed.vir
2012-07-17 22:52:58 . 2009-05-25 16:59:50 7,983 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ddsDo.sed.vir
2012-07-17 22:52:58 . 2010-02-03 01:41:38 13,090 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\XPSBoot.reg.vir
2012-07-17 22:52:58 . 2010-12-09 09:37:54 14,517 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Exe.reg.vir
2012-07-17 22:52:58 . 2011-01-26 15:11:44 6,494 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\md5sum.pif.vir
2012-07-17 22:52:58 . 2009-04-20 19:56:28 31,232 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\n.pif.vir
2012-07-17 22:52:58 . 2010-07-15 07:44:50 74,529 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\hwid.pif.vir
2012-07-17 22:52:58 . 2011-01-26 15:11:43 3,129 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\files.pif.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 3,275 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ERDNTWIN.LOC.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 4,090 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ERUNT.LOC.vir
2012-07-17 22:52:58 . 2011-01-25 20:01:45 270,912 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\srizbi.md5.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 2,815 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ERDNTDOS.LOC.vir
2012-07-17 22:52:58 . 2005-10-21 03:02:28 163,328 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ERDNT.e_e.vir
2012-07-17 22:52:58 . 2011-01-26 03:29:46 47,190 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\zhsvc.dat.vir
2012-07-17 22:52:58 . 2010-06-29 05:47:56 14,107 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\w7reg.dat.vir
2012-07-17 22:52:58 . 2010-07-23 05:14:44 440 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\xpmcode.dat.vir
2012-07-17 22:52:58 . 2010-11-25 06:44:58 60,049 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\xpreg.dat.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 23,773 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\zDomain.dat.vir
2012-07-17 22:52:58 . 2010-11-25 06:45:14 40,418 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\w2kreg.dat.vir
2012-07-17 22:52:58 . 2010-07-24 11:20:44 440 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\w7Mcode.dat.vir
2012-07-17 22:52:58 . 2010-11-25 06:46:02 13,996 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\vistareg.dat.vir
2012-07-17 22:52:58 . 2010-06-21 11:05:36 7,584 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\vun.dat.vir
2012-07-17 22:52:58 . 2010-11-27 19:19:42 1,306 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\svchost.w7.x64.dat.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 276 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\system_ini.dat.vir
2012-07-17 22:52:58 . 2010-05-11 06:30:04 308 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Vipev.dat.vir
2012-07-17 22:52:58 . 2010-07-27 10:17:22 440 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\vistaMcode.dat.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 555 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\svchost.dat.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 668 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\svchost.vista.dat.vir
2012-07-17 22:52:58 . 2010-11-27 20:12:00 749 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\svchost.vista.x64.dat.vir
2012-07-17 22:52:58 . 2009-10-18 19:14:26 956 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\svchost.w7.dat.vir
2012-07-17 22:52:58 . 2009-10-18 19:00:38 585 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Safeboot.def.w7.dat.vir
2012-07-17 22:52:58 . 2009-11-29 13:42:26 11,987 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\svc_wht.dat.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 820 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\rogues.dat.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 329 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\safeboot.dat.vir
2012-07-17 22:52:58 . 2009-06-10 09:25:08 1,464 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\safeboot.def.dat.vir
2012-07-17 22:52:58 . 2010-11-27 09:53:30 482 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\safeboot.def.vista.dat.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 404 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Purity.dat.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 7,478 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\RCLink.dat.vir
2012-07-17 22:52:58 . 2010-09-17 11:03:32 1,153 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\region.dat.vir
2012-07-17 22:52:58 . 2010-05-13 23:57:52 64 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\powp.dat.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 88 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\NetworkService.dat.vir
2012-07-17 22:52:58 . 2009-07-06 10:51:10 2,992 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Policies.dat.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 159 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\netsvc.dat.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 481 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\netsvc.vista.dat.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 525 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\netsvc.xp.dat.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 198 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\LocalSystemNetworkRestricted.dat.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 0 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\mynul.dat.vir
2012-07-17 22:52:58 . 2009-12-24 23:12:40 283 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ndis_combofix.dat.vir
2012-07-17 22:52:58 . 2010-04-15 01:21:30 520 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\netsvc.bad.dat.vir
2012-07-17 22:52:58 . 2010-08-10 11:32:44 677 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Fin.dat.vir
2012-07-17 22:52:58 . 2010-09-05 14:07:30 224 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Imefile.dat.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 225 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\LocalService.dat.vir
2012-07-17 22:52:58 . 2000-08-31 15:00:00 91 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\LocalServiceNetworkRestricted.dat.vir
2012-07-17 22:52:58 . 2010-04-18 00:21:48 472 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\CregC.dat.vir
2012-07-17 22:52:58 . 2011-01-25 22:23:03 536,104 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Creg.dat.vir
2012-07-17 22:52:58 . 2010-11-27 10:07:20 2,181 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\023v.dat.vir
2012-07-17 22:52:58 . 2010-02-13 08:55:28 660 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\023w7.dat.vir
2012-07-17 22:52:57 . 2010-10-02 09:54:32 40,797 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\023.dat.vir
2012-07-17 22:52:57 . 2010-08-01 00:05:38 244 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\VwinTemp.dacl.vir
2012-07-17 22:52:57 . 2010-08-29 18:30:24 2,141 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\mbr.chk.vir
2012-07-17 22:52:57 . 2000-08-31 15:00:00 68,096 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\zip.cfxxe.vir
2012-07-17 22:52:57 . 1999-11-10 15:00:00 35,328 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\tail.cfxxe.vir
2012-07-17 22:52:57 . 2000-08-31 15:00:00 212,480 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\swxcacls.cfxxe.vir
2012-07-17 22:52:57 . 2000-08-31 15:00:00 136,704 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\swsc.cfxxe.vir
2012-07-17 22:52:57 . 2000-08-31 15:00:00 31,014 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\setpath.cfxxe.vir
2012-07-17 22:52:57 . 2000-08-31 15:00:00 98,816 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\sed.cfxxe.vir
2012-07-17 22:52:57 . 1999-11-11 07:00:00 38,400 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\s0rt.cfxxe.vir
2012-07-17 22:52:57 . 2010-11-08 08:20:24 89,088 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\rmbr.cfxxe.vir
2012-07-17 22:52:57 . 2002-09-29 20:01:16 68,096 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\pausep.cfxxe.vir
2012-07-17 22:52:57 . 2009-04-20 19:56:26 30,720 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\NirCmdC.cfxxe.vir
2012-07-17 22:52:57 . 2009-04-20 19:56:28 31,232 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\NirCmd.cfxxe.vir
2012-07-17 22:52:57 . 2000-08-31 15:00:00 11,264 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\mtee.cfxxe.vir
2012-07-17 22:52:57 . 2009-10-25 13:11:34 77,312 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\mbr.cfxxe.vir
2012-07-17 22:52:57 . 2008-11-18 20:15:14 173,936 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\handle.cfxxe.vir
2012-07-17 22:52:57 . 2000-08-31 15:00:00 15,360 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\gsar.cfxxe.vir
2012-07-17 22:52:56 . 2000-08-31 15:00:00 80,412 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\grep.cfxxe.vir
2012-07-17 22:52:56 . 2000-08-31 15:00:00 145,920 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\FileKill.cfxxe.vir
2012-07-17 22:52:56 . 2000-08-31 15:00:00 52,736 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\extract.cfxxe.vir
2012-07-17 22:52:56 . 2005-10-21 03:00:28 157,696 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ERUNT.cfxxe.vir
2012-07-17 22:52:56 . 2000-08-31 15:00:00 51,200 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\dumphive.cfxxe.vir
2012-07-17 22:52:56 . 2010-08-23 12:14:40 101,376 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\dd.cfxxe.vir
2012-07-17 22:52:56 . 2000-08-31 15:00:00 141,312 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ComboFix-Download.cfxxe.vir
2012-07-17 22:52:56 . 2009-04-18 00:37:10 147,456 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\catchme.cfxxe.vir
2012-07-17 22:52:56 . 2011-01-18 03:34:28 3,378 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\TemplatesFile.cfx.vir
2012-07-17 22:52:56 . 2010-12-31 04:25:15 62 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\TemplatesFolder.cfx.vir
2012-07-17 22:52:56 . 2011-01-24 14:06:27 4,636 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\StartMenuFile.cfx.vir
2012-07-17 22:52:56 . 2011-01-03 04:20:21 447 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\StartMenuFolder.cfx.vir
2012-07-17 22:52:56 . 2011-01-26 15:08:15 8,285 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\StartUpFile.cfx.vir
2012-07-17 22:52:56 . 2011-01-24 23:10:19 798 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ProfilesFolder.cfx.vir
2012-07-17 22:52:56 . 2011-01-11 17:12:26 3,933 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ProgramsFile.cfx.vir
2012-07-17 22:52:56 . 2011-01-20 18:30:51 13,498 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ProgramsFolder.cfx.vir
2012-07-17 22:52:56 . 2011-01-13 19:37:50 3,589 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\PersonalFile.cfx.vir
2012-07-17 22:52:56 . 2011-01-10 00:40:12 119 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\PersonalFolder.cfx.vir
2012-07-17 22:52:56 . 2011-01-25 16:15:51 12,581 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ProfilesFile.cfx.vir
2012-07-17 22:52:56 . 2010-09-05 23:52:14 20 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\FavoriteFolder.cfx.vir
2012-07-17 22:52:56 . 2011-01-25 03:40:48 6,461 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\FavoritesFile.cfx.vir
2012-07-17 22:52:56 . 2011-01-15 07:45:54 4,250 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\LocalAppDataFile.cfx.vir
2012-07-17 22:52:56 . 2010-12-31 04:32:49 2,902 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\LocalAppDataFolder.cfx.vir
2012-07-17 22:52:56 . 2011-01-10 00:39:45 2,795 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\LocalSettingsFile.cfx.vir
2012-07-17 22:52:56 . 2011-01-20 18:30:41 7,892 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\DesktopFile.cfx.vir
2012-07-17 22:52:56 . 2011-01-26 15:07:17 13,737 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\AppDataFolder.cfx.vir
2012-07-17 22:52:56 . 2011-01-26 15:07:22 27,627 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\AppDataFile.cfx.vir
2012-07-17 22:52:56 . 2000-08-31 15:00:00 6,760 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\appinit.bad.vir
2012-07-17 22:52:56 . 2010-09-17 07:30:50 4,327 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\VInfo.vir
2012-07-17 22:52:56 . 2011-01-24 19:15:33 9,713 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\VInfo2.vir
2012-07-17 22:52:56 . 2010-08-20 06:16:34 1,024 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Combo-Fix.sys.vir
2012-07-17 22:52:56 . 2009-06-21 22:34:24 90,202 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\w2k_sock.dll.vir
2012-07-17 22:52:56 . 2009-06-21 21:45:40 98,948 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\w_sock.dll.vir
2012-07-17 22:52:56 . 2010-08-30 11:45:49 38,901 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ffdefstr.dll.vir
2012-07-17 22:52:56 . 2000-08-31 15:00:00 161,792 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\swreg.exe.vir
2012-07-17 22:52:54 . 2010-04-26 22:58:12 256,512 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\pev.exe.vir
2012-07-17 22:52:52 . 2009-04-20 19:56:28 31,232 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\iexplore.exe.vir
2012-07-17 22:52:52 . 2005-08-16 08:54:58 1,536 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\hidec.exe.vir
2012-07-17 22:52:50 . 2006-03-03 06:42:40 73,728 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\pv.com.vir
2012-07-17 22:52:50 . 2010-12-25 08:12:32 8,512 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ncmd.com.vir
2012-07-17 22:52:50 . 2010-12-09 09:39:40 2,898 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Prep.inf.vir
2012-07-17 22:52:50 . 2011-01-26 15:11:42 266,578 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\clsid.c.vir
2012-07-17 22:52:50 . 2011-01-26 15:11:42 982,956 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\badclsid.c.vir
2012-07-17 22:52:50 . 2010-12-22 07:29:05 3,934 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Update-CF.cmd.vir
2012-07-17 22:52:50 . 2010-12-13 19:34:13 19,948 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\SuppScan.cmd.vir
2012-07-17 22:52:50 . 2010-10-14 18:17:56 4,630 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\SnapShot.cmd.vir
2012-07-17 22:52:50 . 2010-10-21 22:35:38 2,146 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\SRestore.cmd.vir
2012-07-17 22:52:50 . 2009-11-15 12:35:16 442 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Rkey.cmd.vir
2012-07-17 22:52:50 . 2010-12-23 21:53:34 20,100 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\RegScan64.cmd.vir
2012-07-17 22:52:50 . 2010-12-23 21:58:21 53,691 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\RegScan.cmd.vir
2012-07-17 22:52:50 . 2010-10-04 01:37:46 1,695 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Kill-All.cmd.vir
2012-07-17 22:52:50 . 2010-12-25 06:40:16 37,516 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\NT-OS.cmd.vir
2012-07-17 22:52:49 . 2010-12-25 06:33:45 1,333 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\katch.cmd.vir
2012-07-17 22:52:49 . 2010-09-06 06:15:44 8,004 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Install-RC.cmd.vir
2012-07-17 22:52:49 . 2010-01-04 03:41:36 1,085 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\FKMGen.cmd.vir
2012-07-17 22:52:49 . 2010-10-23 01:02:12 5,979 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\GetHive.cmd.vir
2012-07-17 22:52:49 . 2010-10-04 10:52:26 3,342 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\CregC.cmd.vir
2012-07-17 22:52:49 . 2009-12-24 04:49:36 1,686 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\CSet.cmd.vir
2012-07-17 22:52:49 . 2011-01-24 19:29:42 8,028 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\FD-SV.cmd.vir
2012-07-17 22:52:49 . 2011-01-11 21:38:58 18,215 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Create.cmd.vir
2012-07-17 22:52:49 . 2010-10-21 23:45:48 1,080 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Catch-sub.cmd.vir
2012-07-17 22:52:49 . 2010-12-13 05:06:30 29,591 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\CF-Script.cmd.vir
2012-07-17 22:52:49 . 2011-01-13 19:42:09 3,586 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\av.cmd.vir
2012-07-17 22:52:49 . 2009-11-16 08:03:56 659 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\AWF.cmd.vir
2012-07-17 22:52:49 . 2010-12-19 08:08:22 4,808 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Boot-Rk.cmd.vir
2012-07-17 22:52:49 . 2010-09-06 06:15:44 5,014 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Auto-RC.cmd.vir
2012-07-17 22:52:49 . 2010-04-16 05:11:36 4,144 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Assoc.cmd.vir
2012-07-17 22:52:49 . 2010-12-09 18:43:47 16,896 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\SetEnvmt.bat.vir
2012-07-17 22:52:49 . 2010-10-12 20:12:18 2,834 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\MoveIt.bat.vir
2012-07-17 22:52:49 . 2010-10-29 01:21:08 64,146 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\ND_.bat.vir
2012-07-17 22:52:49 . 2011-01-26 15:11:20 1,426,157 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\List.bat.vir
2012-07-17 22:52:48 . 2010-11-16 07:28:58 111,168 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\List-D.bat.vir
2012-07-17 22:52:48 . 2011-01-26 15:09:02 230,108 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\List-C.bat.vir
2012-07-17 22:52:48 . 2011-01-26 15:10:47 17,894 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\List-B.bat.vir
2012-07-17 22:52:48 . 2009-10-21 00:25:36 954 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\history.bat.vir
2012-07-17 22:52:48 . 2010-12-02 01:19:06 215,364 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Lang.bat.vir
2012-07-17 22:52:48 . 2010-10-23 23:41:14 4,777 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\FIXLSP.bat.vir
2012-07-17 22:52:48 . 2010-11-16 07:26:22 31,154 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\FIND3M.bat.vir
2012-07-17 22:52:48 . 2010-05-04 10:31:20 2,016 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\DelClsid.bat.vir
2012-07-17 22:52:48 . 2010-05-04 10:38:48 2,025 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\DelClsid64.bat.vir
2012-07-17 22:52:48 . 2010-11-16 07:27:38 7,733 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Combobatch.bat.vir
2012-07-17 22:52:48 . 2011-01-24 19:45:47 62,276 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\c.bat.vir
2012-07-17 22:52:48 . 2010-11-26 06:54:44 8,418 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\Boot.bat.vir
2011-02-15 15:35:31 . 2011-02-22 09:32:51 88 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\D0D8791290.sys.vir
2006-06-10 21:42:26 . 2006-06-10 21:42:26 49,152 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\SF.exe.vir
2006-03-03 06:42:40 . 2006-03-03 06:42:40 73,728 ----a-w- C:\Qoobox\Quarantine\C\commy.exe\PV.cfxxe.vir