Is a virus causing this?

paulcheung

Active Member
Hi all,
I think I got some malware, worm or virus on one of my laptops. It started with the hard drive light constantly on, then a BSOD. When it rebooted it said one drive needed to be checked. Then it started chkdsk and found a lot of unreadable sectors. I stopped it and rebooted. Then Windows Repair came on automatically. After that I ran Malwarebytes and SUPERAntiSpyware. Malwarebytes didn't find anything, but SUPERAntiSpyware found something other than tracking cookies. I cleaned them, but when I boot it says "Group Policy Client service failed the logon. Access denied."

When I use another user to log on I get in, but Windows Explorer is not there.
Can it be a virus, or is it just the hard drive having a problem?
Thank you in advance.

Below is a screenshot of what SUPERAntiSpyware found.
 
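An added example, not from the thread or its poster: a read-only PowerShell triage that collects the evidence behind the question asked above, whether the unreadable sectors, the forced chkdsk and the Group Policy Client logon failure point to a dying drive or to malware. It assumes Windows 7 or later, the standard Windows event providers and WMI class named in the comments, and an elevated prompt; nothing in it changes the system.

```powershell
# Added example (not from the thread): read-only triage to separate a failing disk
# from malware on a Windows 7-era machine. Run from an elevated PowerShell prompt.

$since = (Get-Date).AddDays(-30)

# 1. SMART "predict failure" flag as reported by the drive firmware.
#    Not every controller exposes this WMI class, so a missing result is not a verdict.
$smart = Get-WmiObject -Namespace root\wmi -Class MSStorageDriver_FailurePredictStatus `
                       -ErrorAction SilentlyContinue
if ($smart) {
    $smart | Select-Object InstanceName, PredictFailure | Format-Table -AutoSize
} else {
    Write-Output 'SMART predict-failure status is not exposed by this controller.'
}

# 2. Disk, NTFS and volume-manager errors/warnings in the System log.
#    Repeated bad-block / controller / paging errors (disk 7, 11, 51) or NTFS
#    corruption (Ntfs 55) point to hardware or a damaged file system, not malware.
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'disk', 'Ntfs', 'volmgr'
    StartTime    = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Level -ge 1 -and $_.Level -le 3 } |   # 1 Critical, 2 Error, 3 Warning
    Select-Object TimeCreated, ProviderName, Id, LevelDisplayName, Message -First 50 |
    Format-Table -AutoSize -Wrap

# 3. Output of the boot-time chkdsk the poster interrupted. Wininit writes the
#    full chkdsk report to the Application log as event 1001.
Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'
    Id           = 1001
} -MaxEvents 3 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List

# 4. Is the volume still flagged dirty, i.e. another chkdsk pending at next boot?
fsutil dirty query C:

# 5. The "Group Policy Client service failed the logon" symptom: current state of
#    the gpsvc and profile services, plus recent Group Policy / User Profile
#    Service errors, which usually explain an "access denied" at logon.
Get-Service gpsvc, ProfSvc | Select-Object Name, Status, StartType | Format-Table -AutoSize
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-GroupPolicy', 'Microsoft-Windows-User Profiles Service'
    StartTime    = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Level -ge 1 -and $_.Level -le 2 } |
    Select-Object TimeCreated, ProviderName, Id, Message -First 20 |
    Format-Table -AutoSize -Wrap
```

If section 2 shows a run of disk or Ntfs errors before the scanner detections appeared, image the drive before running any further cleanup tools, since each scan adds reads to failing media.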
They seem to be false positives, but do the following and see if there actually is anything.

Put ComboFix on a flash drive, boot to Safe Mode, and run it after transferring it to the desktop.


Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here: Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your Windows desktop. The ComboFix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open windows, including this one.
  • Close or disable all running antivirus, antispyware, and firewall programs, as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now just click on the Edit menu and click Select All, then click on the Edit menu again and click Copy. Then come back to the forum, right-click in your reply and click Paste.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Here are the ComboFix logs.

It looks like it didn't get a log file today; I think that one is from yesterday. This is the Add and Remove Programs log.

Yahoo! Toolbar
 
The quarantine file log

2011-12-06 04:59:07 . 2011-12-06 04:59:07 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}.reg.dat
2011-12-05 11:55:08 . 2011-12-07 01:20:34 8,013 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-12-05 11:48:22 . 2011-12-07 01:14:46 153 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-11-17 03:30:31 . 2006-11-02 13:22:14 525,792 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\{BD8D1903-49E4-46FE-8AF8-CF622F3522A1}\{C2A6CFA5-08A1-4072-B520-7C67DD7D85EC}\difxapi.dll.vir
2011-11-06 11:03:57 . 2011-11-06 11:04:06 889,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Low\udDownload[9].tmp.vir
2011-11-06 11:03:56 . 2011-11-06 11:03:57 889,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Low\udDownload[8].tmp.vir
2011-11-06 11:03:54 . 2011-11-06 11:03:55 889,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Low\udDownload[7].tmp.vir
2011-11-06 11:03:51 . 2011-11-06 11:03:53 889,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Low\udDownload[6].tmp.vir
2011-11-06 11:03:50 . 2011-11-06 11:03:51 889,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Low\udDownload[5].tmp.vir
2011-11-06 11:01:04 . 2011-11-06 11:01:10 889,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Low\udDownload[4].tmp.vir
2011-11-06 11:01:01 . 2011-11-06 11:01:04 889,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Low\udDownload[3].tmp.vir
2011-11-06 11:00:59 . 2011-11-06 11:01:01 889,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Low\udDownload[2].tmp.vir
2011-11-06 11:00:57 . 2011-11-06 11:00:58 889,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Low\udDownload[1].tmp.vir
2011-11-06 11:00:55 . 2011-11-06 11:00:56 889,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Low\udDownload.tmp.vir
2011-11-06 10:43:49 . 2009-08-31 10:44:56 144,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll.vir
2011-11-06 10:43:49 . 2010-03-18 19:58:36 96,088 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe.vir
2011-11-06 10:43:48 . 2010-03-18 20:16:28 295,248 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll.vir
2011-11-06 10:43:48 . 2010-03-18 20:16:28 807,256 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll.vir
2011-11-06 10:43:48 . 2010-03-18 20:16:28 78,152 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe.vir
2011-11-06 10:43:46 . 2010-03-18 20:16:28 18,776 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll.vir
2011-11-06 10:43:46 . 2010-03-18 20:16:28 14,168 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll.vir
2011-11-06 10:43:46 . 2010-03-18 20:16:28 18,776 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll.vir
2011-11-06 10:43:46 . 2010-03-18 20:16:28 14,168 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll.vir
2011-11-06 10:43:45 . 2010-03-18 20:16:28 17,752 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll.vir
2011-11-06 10:43:45 . 2010-03-18 20:16:28 17,752 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll.vir
2011-11-06 10:43:45 . 2010-03-18 20:16:28 18,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll.vir
2011-11-06 10:43:45 . 2010-03-18 20:16:28 18,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll.vir
2011-11-06 10:43:44 . 2010-03-18 20:16:28 18,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll.vir
2011-11-06 10:43:44 . 2010-03-18 20:16:28 17,752 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll.vir
2011-11-06 10:43:44 . 2010-03-18 20:16:28 19,288 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll.vir
2011-11-06 10:43:44 . 2010-03-18 20:16:28 15,192 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll.vir
2011-11-06 10:43:44 . 2010-03-18 20:16:28 15,704 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll.vir
2011-11-06 10:43:43 . 2010-03-18 20:16:28 18,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll.vir
2011-11-06 10:43:43 . 2010-03-18 20:16:28 18,776 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll.vir
2011-11-06 10:43:43 . 2010-03-18 20:16:28 16,728 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll.vir
2011-11-06 10:43:43 . 2010-03-18 20:16:28 18,776 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll.vir
2011-11-06 10:43:42 . 2010-03-18 20:16:28 18,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll.vir
2011-11-06 10:43:42 . 2010-03-18 20:16:28 17,240 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll.vir
2011-11-06 10:43:42 . 2010-03-18 20:16:28 19,288 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll.vir
2011-11-06 10:43:42 . 2010-03-18 20:16:28 18,776 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll.vir
2011-11-06 10:43:41 . 2010-03-18 20:16:28 18,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll.vir
2011-11-06 10:43:41 . 2010-03-18 20:16:28 18,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll.vir
2011-11-06 10:43:41 . 2010-03-18 20:16:28 14,168 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll.vir
2011-11-06 10:43:41 . 2010-03-18 20:16:28 17,240 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll.vir
2011-11-06 10:23:09 . 2009-08-31 10:44:56 144,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\sqmapi.dll.vir
2011-11-06 10:23:09 . 2010-03-18 19:58:36 96,088 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\SetupUtility.exe.vir
2011-11-06 10:23:09 . 2010-03-18 20:16:28 295,248 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\SetupUi.dll.vir
2011-11-06 10:23:09 . 2010-03-18 20:16:28 807,256 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\SetupEngine.dll.vir
2011-11-06 10:23:09 . 2010-03-18 20:16:28 78,152 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\Setup.exe.vir
2011-11-06 10:23:07 . 2010-03-18 20:16:28 18,776 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\3082\SetupResources.dll.vir
2011-11-06 10:23:06 . 2010-03-18 20:16:28 14,168 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\3076\SetupResources.dll.vir
2011-11-06 10:23:06 . 2010-03-18 20:16:28 18,776 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\2070\SetupResources.dll.vir
2011-11-06 10:23:06 . 2010-03-18 20:16:28 14,168 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\2052\SetupResources.dll.vir
2011-11-06 10:23:06 . 2010-03-18 20:16:28 17,752 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1055\SetupResources.dll.vir
2011-11-06 10:23:05 . 2010-03-18 20:16:28 17,752 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1053\SetupResources.dll.vir
2011-11-06 10:23:05 . 2010-03-18 20:16:28 18,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1049\SetupResources.dll.vir
2011-11-06 10:23:05 . 2010-03-18 20:16:28 18,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1046\SetupResources.dll.vir
2011-11-06 10:23:05 . 2010-03-18 20:16:28 18,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1045\SetupResources.dll.vir
2011-11-06 10:23:05 . 2010-03-18 20:16:28 17,752 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1044\SetupResources.dll.vir
2011-11-06 10:23:04 . 2010-03-18 20:16:28 19,288 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1043\SetupResources.dll.vir
2011-11-06 10:23:04 . 2010-03-18 20:16:28 15,192 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1042\SetupResources.dll.vir
2011-11-06 10:23:04 . 2010-03-18 20:16:28 15,704 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1041\SetupResources.dll.vir
2011-11-06 10:23:04 . 2010-03-18 20:16:28 18,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1040\SetupResources.dll.vir
2011-11-06 10:23:03 . 2010-03-18 20:16:28 18,776 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1038\SetupResources.dll.vir
2011-11-06 10:23:03 . 2010-03-18 20:16:28 16,728 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1037\SetupResources.dll.vir
2011-11-06 10:23:03 . 2010-03-18 20:16:28 18,776 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1036\SetupResources.dll.vir
2011-11-06 10:23:03 . 2010-03-18 20:16:28 18,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1035\SetupResources.dll.vir
2011-11-06 10:23:02 . 2010-03-18 20:16:28 17,240 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1033\SetupResources.dll.vir
2011-11-06 10:23:02 . 2010-03-18 20:16:28 19,288 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1032\SetupResources.dll.vir
2011-11-06 10:23:02 . 2010-03-18 20:16:28 18,776 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1031\SetupResources.dll.vir
2011-11-06 10:23:01 . 2010-03-18 20:16:28 18,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1030\SetupResources.dll.vir
2011-11-06 10:23:01 . 2010-03-18 20:16:28 18,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1029\SetupResources.dll.vir
2011-11-06 10:23:01 . 2010-03-18 20:16:28 14,168 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1028\SetupResources.dll.vir
2011-11-06 10:23:01 . 2010-03-18 20:16:28 17,240 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1025\SetupResources.dll.vir
2011-09-01 15:23:57 . 2011-09-01 15:23:57 229,877 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C95B3F8A-55D3-4603-A186-F97E9045A2BD}.xps.vir
2010-08-13 12:16:25 . 2011-10-17 17:24:23 212,992 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\{AC76BA86-1033-0000-7760-000000000002}\asneu.dll.vir
2010-08-10 04:57:58 . 2010-02-23 16:51:14 8,456 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\system32\EuGdiDrv.sys.vir
2010-08-10 04:57:58 . 2010-02-23 16:51:14 13,192 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\system32\epmntdrv.sys.vir
2010-08-10 04:57:58 . 2010-02-23 16:51:36 11,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\pango\1.6.0\modules\pango-tibetan-fc.dll.vir
2010-08-10 04:57:58 . 2010-02-23 16:51:36 19,456 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\pango\1.6.0\modules\pango-thai-fc.dll.vir
2010-08-10 04:57:58 . 2010-02-23 16:51:36 12,288 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\pango\1.6.0\modules\pango-syriac-fc.dll.vir
2010-08-10 04:57:58 . 2010-02-23 16:51:36 11,776 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\pango\1.6.0\modules\pango-khmer-fc.dll.vir
2010-08-10 04:57:58 . 2010-02-23 16:51:36 7,680 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\pango\1.6.0\modules\pango-indic-lang.dll.vir
2010-08-10 04:57:58 . 2010-02-23 16:51:36 26,624 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\pango\1.6.0\modules\pango-indic-fc.dll.vir
2010-08-10 04:57:58 . 2010-02-23 16:51:36 13,312 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\pango\1.6.0\modules\pango-hebrew-fc.dll.vir
2010-08-10 04:57:58 . 2010-02-23 16:51:36 14,336 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\pango\1.6.0\modules\pango-hangul-fc.dll.vir
2010-08-10 04:57:58 . 2010-02-23 16:51:36 16,384 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\pango\1.6.0\modules\pango-basic-win32.dll.vir
2010-08-10 04:57:58 . 2010-02-23 16:51:36 10,240 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\pango\1.6.0\modules\pango-basic-fc.dll.vir
2010-08-10 04:57:58 . 2010-02-23 16:51:36 6,656 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\pango\1.6.0\modules\pango-arabic-lang.dll.vir
2010-08-10 04:57:58 . 2010-02-23 16:51:36 12,288 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\pango\1.6.0\modules\pango-arabic-fc.dll.vir
2010-08-10 04:57:57 . 2010-02-23 16:51:36 88,105 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\gtk-2.0\2.10.0\engines\libwimp.dll.vir
2010-08-10 04:57:57 . 2010-02-23 16:51:36 30,208 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\gtk-2.0\2.10.0\engines\libsvg.dll.vir
2010-08-10 04:57:57 . 2010-02-23 16:51:34 53,537 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\gtk-2.0\2.10.0\engines\libpixmap.dll.vir
2010-08-10 04:57:57 . 2010-02-23 16:51:34 33,792 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\gtk-2.0\2.4.0\engines\libmetal.dll.vir
2010-08-10 04:57:56 . 2010-02-23 16:51:34 449,506 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\lib\gtk-2.0\modules\modules\libgail.dll.vir
2010-08-10 04:57:56 . 2010-02-23 16:51:08 14,848 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\system32\EuEpmGdi.dll.vir
2010-08-10 04:57:55 . 2010-02-23 16:51:14 86,408 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\system32\setupempdrv03.exe.vir
2010-08-10 04:57:55 . 2010-04-08 22:16:48 1,711,232 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\EPM\system32\BootMan.exe.vir
2010-06-13 05:13:24 . 2010-06-13 05:13:24 0 ----a-w- C:\Qoobox\Quarantine\C\Windows\winhelp.ini.vir
2009-07-15 04:45:48 . 2009-11-06 16:37:20 91,552 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\_ir_sf_temp_0\npMozCouponPrinter.dll.vir
2009-05-15 05:01:25 . 2009-11-06 16:37:19 91,552 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\_ir_sf_temp_0\npCouponPrinter.dll.vir
 
Something is wrong. Most of the programs can't start; it said the registry is marked for deletion.
Thank you.

Restart the computer and try again. Combofix sometimes marks things for deletion but doesn't reboot the machine itself.
 
Right now it reboots and shuts down. I tried to use the Windows 7 DVD to do a repair and it just shuts down every time it finishes loading the files. I have to take out the DVD, boot from the HDD and do the repair.
I have a dual boot with XP on the laptop. Can I just reinstall Windows 7 without it conflicting with the XP boot and the data partition?
Thanks
 

So you just want to start Win7 over from scratch instead of dealing with this? Yes you could just wipe the Win7 partition and reinstall it and it won't affect your data partition or XP. You'd still have to reinstall all your software though.

The hard drive is Western Digital; which disk utility can I use to check the hard drive?
Thank you.

The one off the WD site?
I'm just guessing it's a Caviar Blue, but it should still work nonetheless
http://support.wdc.com/product/download.asp?groupid=606&sid=30&lang=en
 
The problem is I am not sure if the hard drive is good, because this started with Windows 7 checking the disk first. Do you think formatting the partition will tell me if the drive is still good?
Thanks
 
I'd run the diagnostic tool and see what that says. Formatting the drive won't tell you if it's good or not.
 
I highly suggest checking your drive for errors, since I saw this in your combofix log.

2011-12-05 18:28 . 2011-12-05 18:28 -------- d-----w- C:\found.000

That means that checkdisk ran and created that folder. I also saw some very weird output in your combofix log and am not sure what to make of it at this point.
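The two points made in this thread about the log, that a `found.000` directory means chkdsk recovered orphaned clusters and that the quarantine listing is ComboFix renaming files with a `.vir` suffix, can both be checked mechanically rather than by eye. The following is an added example written for this page, not code from the thread, from ComboFix or from any of the tools mentioned. It parses lines in the layout shown above (created time, a dot, modified time, size or dashes, attribute flags, path) and flags the entries a triage would look at. The sample lines are copied from this thread plus one constructed junk line; the function names (`parse_log`, `triage`, `repeated_sizes`) and the `LogEntry` class are this example's own.

```python
"""Parse ComboFix-style log lines and flag the entries worth a second look."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: lines copied from the thread above, plus one constructed
# non-record line to show that unrelated text is skipped.
SAMPLE_LOG = r"""
2011-12-05 18:28 . 2011-12-05 18:28 -------- d-----w- C:\found.000
2011-11-06 11:03:57 . 2011-11-06 11:04:06 889,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Low\udDownload[9].tmp.vir
2011-11-06 11:03:56 . 2011-11-06 11:03:57 889,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Low\udDownload[8].tmp.vir
2011-11-06 11:03:54 . 2011-11-06 11:03:55 889,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Low\udDownload[7].tmp.vir
2011-11-06 10:43:49 . 2009-08-31 10:44:56 144,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll.vir
this line is not a file record and is skipped (constructed)
"""

# Layout: <created> . <modified> <size or dashes> <8 attribute flags> <path>
# Timestamps may or may not carry seconds; directories print dashes for size.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) "
    r"(?P<size>[\d,]+|-+) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>.+?)\s*$"
)

# chkdsk writes recovered fragments into \found.NNN at the volume root
FOUND_DIR_RE = re.compile(r"\\found\.\d{3}$", re.IGNORECASE)


@dataclass
class LogEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories (ComboFix prints dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # first attribute flag is 'd' for directories
        return self.attrs.startswith("d")


def parse_log(text: str) -> List[LogEntry]:
    """Return one LogEntry per line matching the ComboFix layout; others are skipped."""
    entries: List[LogEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size_field = m.group("size")
        size = None if size_field.startswith("-") else int(size_field.replace(",", ""))
        entries.append(LogEntry(m.group("created"), m.group("modified"),
                                size, m.group("attrs"), m.group("path")))
    return entries


def triage(entries: List[LogEntry]) -> List[Tuple[str, str]]:
    """Flag chkdsk recovery folders and files ComboFix quarantined (.vir suffix)."""
    flagged: List[Tuple[str, str]] = []
    for e in entries:
        if e.is_dir and FOUND_DIR_RE.search(e.path):
            flagged.append((e.path, "chkdsk recovered orphaned clusters here; run a drive diagnostic"))
        elif e.path.lower().endswith(".vir"):
            # note where the file originally lived; a user Temp directory is
            # a common drop location and is worth a closer look
            where = "Temp" if "\\temp\\" in e.path.lower() else "other"
            flagged.append((e.path, f"quarantined by ComboFix (.vir), original location: {where}"))
    return flagged


def repeated_sizes(entries: List[LogEntry]) -> Dict[int, int]:
    """Sizes shared by more than one quarantined file (a repeated identical download)."""
    counts: Dict[int, int] = {}
    for e in entries:
        if e.size is not None and e.path.lower().endswith(".vir"):
            counts[e.size] = counts.get(e.size, 0) + 1
    return {size: n for size, n in counts.items() if n > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for path, reason in triage(parsed):
        print(f"{reason}: {path}")
    print("repeated quarantined sizes:", repeated_sizes(parsed))
```

On the thread's own data this reports the `C:\found.000` directory as a disk-level finding (consistent with the extended drive test result reported further down) and separates it from the ComboFix quarantine entries, which are a different question: those files were moved, not verified as malicious.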
 
It failed the extended test; it said too many bad sectors and stopped. Man, I've got three dead drives on my hands now! :mad:
Thanks.
 